
Possible virus/trojan with pop up window (referred by Win 7 forum)


  • This topic is locked
7 replies to this topic

#1 DanT


Posted 16 May 2016 - 04:32 AM

I am referred here by the Win 7 forum due to a problem with what appeared to be an intermittent process affecting foreground activities.

 

http://www.bleepingcomputer.com/forums/t/613360/intermittent-process-affecting-foreground-activity/?p=3995645

 

The original problem was an intermittent window that would pop up for a very short period of time (1/10th second) and when this happened, any foreground activity could be affected. For example, when entering text into a form or document, the insertion point would jump back to the beginning of a line. Or when dragging an object with the cursor, the object would be moved to the top right corner of the window. This problem has been occurring for at least the last three months, though it could be more.

 

After days of running various diagnostic and cleaning software, the Win 7 forum suggested that I create a topic here.

 

FRST64.exe results:

 

****************************  Please note that Microsoft Security Essentials identifies FRST64.exe as malware and immediately deletes it.

 

FRST.txt
__________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by Dan (administrator) on DAN-PC (15-05-2016 15:55:17)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(ASCOMP Software GmbH) C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(South Wind Technologies) C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
() C:\ProgramData\BOINC\projects\universeathome.pl_universe\universe-BHspin_9_windows_x86_64.exe
() C:\Users\Dan\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.74\opera.exe
(Farbar) C:\Users\Dan\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1432144 2006-10-16] (CANON INC.)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69416 2015-12-17] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8746792 2015-12-17] (Space Sciences Laboratory)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\S-1-5-21-862630213-549735516-2894384127-1000\...\Run: [EarthAlerts] => C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe [3477504 2015-06-19] (South Wind Technologies)
HKU\S-1-5-21-862630213-549735516-2894384127-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10571776 2016-01-27] (SecureMix LLC)
HKU\S-1-5-21-862630213-549735516-2894384127-1000\...\MountPoints2: {1e5a6277-8abf-11e4-9db2-806e6f6e6963} - F:\StartLearning.exe
HKU\S-1-5-21-862630213-549735516-2894384127-1000\...\MountPoints2: {1e5a628f-8abf-11e4-9db2-806e6f6e6963} - J:\HPLauncher.exe
HKU\S-1-5-21-862630213-549735516-2894384127-1000\...\MountPoints2: {e1466e49-e7cf-11e5-ab34-001fc66f035e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-862630213-549735516-2894384127-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1159464 2015-12-17] (Space Sciences Laboratory)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-01-13] (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-02-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk [2016-01-03]
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Dan\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{087BDA6F-3B4A-414C-9A34-7007880AA9C3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD1569DB-5B42-439B-8565-075D45DB897F}: [NameServer] 8.26.56.26,8.20.247.20
Tcpip\..\Interfaces\{CBE98043-CB97-4C3E-9C24-C2A4F30AF9B2}: [NameServer] 8.26.56.26,8.20.247.20
Tcpip\..\Interfaces\{CBE98043-CB97-4C3E-9C24-C2A4F30AF9B2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-862630213-549735516-2894384127-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://pcpitstop.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-02] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-08] (Intel Security)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-02] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-02] (LastPass)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-08] (Intel Security)
IE Session Restore: HKU\S-1-5-21-862630213-549735516-2894384127-1000 -> is enabled.
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://pcpitstop.com/mhLbl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2015-02-02] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-05-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-08-28] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2015-01-25] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: LastPass - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: RightToClick - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-04-05]
FF Extension: YouTube™ Flash® Player - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-01-27]
FF Extension: Free Memory - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2016-04-28]
FF Extension: AdBlock for Firefox - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2014-12-29] [not signed]
FF Extension: Tab Groups - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\tabgroups@quicksaver.xpi [2016-01-14]
FF Extension: Video WithOut Flash - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\vwof@drev.com.xpi [2015-10-03]
FF Extension: FireFTP - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-05]
FF Extension: web_clipper - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7oaydouw.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uytozb8v.dev-edition-default\Extensions\translator@zoli.bod.xpi [2015-11-16]
FF Extension: FireFTP - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uytozb8v.dev-edition-default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-11-16]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 Apache2.4; c:\Apache24\bin\httpd.exe [29184 2015-07-28] (Apache Software Foundation) [File not signed]
S4 BackupService; C:\Users\Dan\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2291192 2016-02-28] (Comodo)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2289656 2016-03-07] (Comodo)
S4 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
S4 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S4 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8915968 2016-01-27] (SecureMix LLC)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1985688 2016-03-09] ()
S4 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S4 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-01-09] (National Instruments Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-11-21] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-11-21] (National Instruments Corporation)
S4 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-10-23] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [383352 2014-06-13] (National Instruments Corporation)
S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
S4 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation)
S4 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [20816 2014-01-09] (National Instruments Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-11-21] (National Instruments Corporation)
S4 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
S4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1854464 2011-04-19] (LaCrosse Technology) [File not signed]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-26] (Glarysoft Ltd)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel  Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2014-05-16] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [30032 2014-05-16] (National Instruments Corporation)
S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [15184 2014-03-13] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [15184 2014-03-12] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [15232 2014-06-05] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [773464 2014-06-05] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [15224 2014-06-05] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2014-02-28] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [89992 2014-06-12] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [73112 2015-05-18] (National Instruments Corporation)
S3 nipxifpk; C:\Windows\system32\drivers\nipxifpk.sys [37272 2013-09-10] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [15184 2014-01-09] (National Instruments Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2014-06-13] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2014-06-13] (National Instruments Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-09-04] (CACE Technologies, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2015-12-05] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SpotUsb; C:\Windows\System32\DRIVERS\MFUSB_Netduino.sys [34912 2012-04-11] (Microsoft Corporation)
S3 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [31392 2015-03-18] (Tarlogic)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
S3 cpuz138; \??\C:\Users\Dan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-15 15:55 - 2016-05-15 15:55 - 00033903 _____ C:\Users\Dan\Desktop\FRST.txt
2016-05-15 15:54 - 2016-05-15 15:55 - 00000000 ____D C:\FRST
2016-05-15 15:54 - 2016-05-15 15:53 - 02382336 _____ (Farbar) C:\Users\Dan\Desktop\FRST64 (1).exe
2016-05-15 12:14 - 2016-05-15 12:14 - 00051444 _____ C:\Users\Dan\Desktop\ESET-Threats.txt
2016-05-13 14:53 - 2016-05-13 14:53 - 00001999 _____ C:\Users\Dan\Desktop\AdwCleaner[C2].txt
2016-05-13 14:53 - 2016-05-13 14:53 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-13 14:44 - 2016-05-13 14:44 - 00001062 _____ C:\Users\Dan\Desktop\MalWareBytesLog.txt
2016-05-13 12:29 - 2016-05-13 12:33 - 00794908 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_12.29.06_log.txt
2016-05-13 12:22 - 2016-05-13 12:24 - 00010556 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_12.22.38_log.txt
2016-05-13 12:20 - 2016-05-13 12:21 - 00003458 _____ C:\Users\Dan\Desktop\Rkill.txt
2016-05-13 12:18 - 2016-05-13 12:17 - 02870984 _____ (ESET) C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
2016-05-13 12:18 - 2016-05-13 12:16 - 03640384 _____ C:\Users\Dan\Desktop\AdwCleaner (1).exe
2016-05-13 12:15 - 2016-05-13 12:15 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Dan\Desktop\tdsskiller (1).exe
2016-05-13 12:15 - 2016-05-13 12:13 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dan\Desktop\rkill (1).com
2016-05-10 17:59 - 2016-04-23 12:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-10 17:59 - 2016-04-23 11:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-10 17:59 - 2016-04-23 00:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-10 17:59 - 2016-04-23 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-10 17:59 - 2016-04-23 00:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-10 17:59 - 2016-04-23 00:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-10 17:59 - 2016-04-23 00:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-10 17:59 - 2016-04-22 23:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-10 17:59 - 2016-04-22 23:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-10 17:59 - 2016-04-22 23:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-10 17:59 - 2016-04-22 23:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 17:59 - 2016-04-22 23:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-10 17:59 - 2016-04-22 23:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-10 17:59 - 2016-04-22 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-10 17:59 - 2016-04-22 23:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-10 17:59 - 2016-04-22 23:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-10 17:59 - 2016-04-22 23:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-10 17:59 - 2016-04-22 23:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-10 17:59 - 2016-04-22 23:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-10 17:59 - 2016-04-22 23:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-10 17:59 - 2016-04-22 23:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-10 17:59 - 2016-04-22 23:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-10 17:59 - 2016-04-22 23:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-10 17:59 - 2016-04-22 23:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-10 17:59 - 2016-04-22 23:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-10 17:59 - 2016-04-22 23:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-10 17:59 - 2016-04-22 22:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-10 17:59 - 2016-04-22 22:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-10 17:59 - 2016-04-22 22:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-10 17:59 - 2016-04-22 22:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-10 17:59 - 2016-04-22 22:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-10 17:59 - 2016-04-22 22:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-10 17:59 - 2016-04-22 22:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-10 17:59 - 2016-04-22 22:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-10 17:59 - 2016-04-22 22:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-10 17:59 - 2016-04-22 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-10 17:59 - 2016-04-22 22:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-10 17:59 - 2016-04-22 22:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-10 17:59 - 2016-04-22 22:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-10 17:59 - 2016-04-22 22:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-10 17:59 - 2016-04-22 22:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-10 17:59 - 2016-04-22 22:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-10 17:59 - 2016-04-22 22:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-10 17:59 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 17:59 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 17:59 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 17:59 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 17:59 - 2016-04-09 01:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 17:59 - 2016-04-09 01:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 17:59 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 17:59 - 2016-04-09 01:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 17:59 - 2016-04-09 01:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 17:59 - 2016-04-09 00:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-10 17:59 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-10 17:59 - 2016-03-09 13:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-10 17:59 - 2016-03-09 13:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-10 17:58 - 2016-04-23 00:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-10 17:58 - 2016-04-23 00:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-10 17:58 - 2016-04-23 00:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-10 17:58 - 2016-04-23 00:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-10 17:58 - 2016-04-22 23:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-10 17:58 - 2016-04-22 23:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-10 17:58 - 2016-04-22 23:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-10 17:58 - 2016-04-22 23:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-10 17:58 - 2016-04-22 23:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-10 17:58 - 2016-04-22 23:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-10 17:58 - 2016-04-22 23:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-10 17:58 - 2016-04-22 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-10 17:58 - 2016-04-22 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-10 17:58 - 2016-04-22 23:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-10 17:58 - 2016-04-22 23:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-10 17:58 - 2016-04-22 23:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-10 17:58 - 2016-04-22 23:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-10 17:58 - 2016-04-22 22:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-10 17:58 - 2016-04-22 22:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-10 17:58 - 2016-04-22 22:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-10 17:58 - 2016-04-22 22:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-10 17:58 - 2016-04-22 22:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-10 17:58 - 2016-04-22 22:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-10 17:58 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-10 17:58 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 17:58 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-10 17:58 - 2016-04-09 02:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-10 17:58 - 2016-04-09 02:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-10 17:58 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-10 17:58 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-10 17:58 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-10 17:58 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-10 17:58 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-10 17:58 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-10 17:58 - 2016-04-09 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-10 17:58 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 17:58 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-10 17:58 - 2016-04-09 00:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-10 17:58 - 2016-04-09 00:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-10 17:58 - 2016-04-09 00:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-10 17:58 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-10 17:58 - 2016-04-09 00:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-10 17:58 - 2016-04-09 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-10 17:58 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-10 17:58 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-10 17:58 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-10 17:58 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-10 17:58 - 2016-04-09 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-10 17:58 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 17:58 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-10 17:55 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 17:55 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 17:00 - 2016-05-15 15:55 - 00001044 _____ C:\ProgramData\currdat.lst.tmp
2016-05-10 16:20 - 2016-05-10 16:23 - 00000000 ____D C:\Program Files (x86)\GUMA18B.tmp
2016-05-10 15:12 - 2016-05-10 19:16 - 00000000 ___SD C:\ComboFix
2016-05-10 15:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-10 14:34 - 2016-05-10 19:16 - 00000000 ____D C:\Windows\erdnt
2016-05-10 14:34 - 2016-05-10 15:12 - 00000000 ____D C:\Qoobox
2016-05-10 08:29 - 2016-05-10 08:37 - 00000000 ____D C:\Users\Dan\AppData\Local\Thunderbird
2016-05-10 08:29 - 2016-05-10 08:29 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Thunderbird
2016-05-10 08:28 - 2016-05-10 19:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-05-08 21:34 - 2016-05-09 20:28 - 00007865 _____ C:\Users\Dan\Desktop\MTB.txt
2016-05-08 21:33 - 2016-05-08 21:29 - 00891392 _____ (Farbar) C:\Users\Dan\Desktop\MiniToolBox (1).exe
2016-05-07 12:54 - 2016-05-07 12:54 - 00000000 ____D C:\Users\Dan\AppData\Local\NuGet
2016-05-07 12:54 - 2016-05-07 12:54 - 00000000 ____D C:\Users\Dan\.nuget
2016-05-07 12:44 - 2016-05-07 13:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Xamarin
2016-05-07 12:44 - 2016-05-07 12:44 - 00000000 ____D C:\ProgramData\MonoTouch
2016-05-07 12:44 - 2016-05-07 12:44 - 00000000 ____D C:\ProgramData\Mono for Android
2016-05-07 11:44 - 2016-05-07 11:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Astra Jigsaw Gift
2016-05-07 11:41 - 2016-05-07 11:41 - 00001043 _____ C:\Users\Public\Desktop\Astra Jigsaw France and UK.lnk
2016-05-07 11:41 - 2016-05-07 11:41 - 00000988 _____ C:\Users\Public\Desktop\Astra Gift Maker.lnk
2016-05-07 11:41 - 2016-05-07 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw France and UK
2016-05-07 11:41 - 2016-05-07 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Gift Maker
2016-05-07 11:41 - 2016-05-07 11:41 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw France and UK
2016-05-07 11:41 - 2016-05-07 11:41 - 00000000 ____D C:\Program Files (x86)\Astra Gift Maker
2016-05-07 11:40 - 2016-05-07 11:40 - 00001004 _____ C:\Users\Public\Desktop\Astra Jigsaw Art Edition.lnk
2016-05-07 11:40 - 2016-05-07 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Art Edition
2016-05-07 11:40 - 2016-05-07 11:40 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Art Edition
2016-05-07 11:39 - 2016-05-07 11:39 - 00001063 _____ C:\Users\Public\Desktop\Astra Jigsaw My Favorite Things.lnk
2016-05-07 11:39 - 2016-05-07 11:39 - 00001008 _____ C:\Users\Public\Desktop\Astra Jigsaw Art II.lnk
2016-05-07 11:39 - 2016-05-07 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw My Favorite Things
2016-05-07 11:39 - 2016-05-07 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Art II
2016-05-07 11:39 - 2016-05-07 11:39 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw My Favorite Things
2016-05-07 11:39 - 2016-05-07 11:39 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Art II
2016-05-07 11:38 - 2016-05-07 11:38 - 00001063 _____ C:\Users\Public\Desktop\Astra Jigsaw Landmarks Edition.lnk
2016-05-07 11:38 - 2016-05-07 11:38 - 00001048 _____ C:\Users\Public\Desktop\Astra Jigsaw Asian Holidays.lnk
2016-05-07 11:38 - 2016-05-07 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Landmarks Edition
2016-05-07 11:38 - 2016-05-07 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Asian Holidays
2016-05-07 11:38 - 2016-05-07 11:38 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Landmarks Edition
2016-05-07 11:38 - 2016-05-07 11:38 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Asian Holidays
2016-05-07 11:37 - 2016-05-07 11:37 - 00001058 _____ C:\Users\Public\Desktop\Astra Jigsaw Tropical Edition.lnk
2016-05-07 11:37 - 2016-05-07 11:37 - 00001018 _____ C:\Users\Public\Desktop\Astra Jigsaw Americas.lnk
2016-05-07 11:37 - 2016-05-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Tropical Edition
2016-05-07 11:37 - 2016-05-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Americas
2016-05-07 11:37 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Tropical Edition
2016-05-07 11:37 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Americas
2016-05-07 11:36 - 2016-05-07 11:36 - 00001129 _____ C:\Users\Public\Desktop\Astra Jigsaw Europe Tour.lnk
2016-05-07 11:36 - 2016-05-07 11:36 - 00001028 _____ C:\Users\Public\Desktop\Astra Jigsaw USA Edition.lnk
2016-05-07 11:36 - 2016-05-07 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw USA Edition
2016-05-07 11:36 - 2016-05-07 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Europe Tour
2016-05-07 11:36 - 2016-05-07 11:36 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw USA Edition
2016-05-07 11:36 - 2016-05-07 11:36 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Europe Tour
2016-05-07 11:35 - 2016-05-07 11:35 - 00001092 _____ C:\Users\Public\Desktop\Astra Jigsaw Japan.lnk
2016-05-07 11:35 - 2016-05-07 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Japan
2016-05-07 11:35 - 2016-05-07 11:35 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Japan
2016-05-07 11:34 - 2016-05-07 11:34 - 00001157 _____ C:\Users\Public\Desktop\Astra Jigsaw Italy and Spain.lnk
2016-05-07 11:34 - 2016-05-07 11:34 - 00001092 _____ C:\Users\Public\Desktop\Astra Jigsaw India.lnk
2016-05-07 11:34 - 2016-05-07 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw Italy and Spain
2016-05-07 11:34 - 2016-05-07 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra Jigsaw India
2016-05-07 11:34 - 2016-05-07 11:34 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw Italy and Spain
2016-05-07 11:34 - 2016-05-07 11:34 - 00000000 ____D C:\Program Files (x86)\Astra Jigsaw India
2016-05-07 11:04 - 2016-05-07 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python Tools for Visual Studio 2015
2016-05-07 11:03 - 2016-05-07 11:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-07 11:02 - 2016-05-07 11:02 - 00000000 ____D C:\ProgramData\Monodoc
2016-05-07 11:01 - 2016-05-07 11:01 - 00000000 ____D C:\Program Files (x86)\Xamarin
2016-05-07 09:59 - 2016-05-07 09:59 - 00000000 ____D C:\Program Files\Application Verifier
2016-05-07 09:59 - 2016-05-07 09:59 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-05-07 09:58 - 2016-05-07 09:58 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2016-05-07 09:17 - 2016-05-07 09:17 - 00000000 ____D C:\Program Files\IIS Express
2016-05-07 09:14 - 2016-05-07 09:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-05-07 09:13 - 2016-05-07 09:13 - 00000000 ____D C:\Program Files (x86)\Common7
2016-04-28 05:02 - 2016-04-28 05:02 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-04-24 16:10 - 2016-04-24 16:10 - 21041152 _____ C:\Users\Dan\Desktop\system event log.evtx
2016-04-24 16:09 - 2016-04-24 16:09 - 21041152 _____ C:\Users\Dan\Desktop\application event log.evtx
2016-04-23 05:02 - 2016-04-23 05:02 - 00003828 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1461405773
2016-04-23 05:02 - 2016-04-23 05:02 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-23 05:02 - 2016-04-23 05:02 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-21 05:45 - 2016-04-21 05:45 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-04-19 17:44 - 2016-04-19 17:46 - 00000000 ____D C:\Users\Dan\AppData\Local\tkdata
2016-04-19 17:43 - 2016-04-21 05:45 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-04-19 17:43 - 2016-04-19 17:43 - 00000000 ____D C:\ProgramData\TrueKey
2016-04-19 17:43 - 2016-04-19 17:43 - 00000000 ____D C:\Program Files\Intel Security
2016-04-19 17:42 - 2016-04-28 06:31 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-19 17:42 - 2016-04-27 06:44 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-04-19 17:42 - 2016-04-20 05:43 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-19 17:42 - 2016-04-19 17:42 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-19 17:34 - 2016-04-28 06:30 - 00000000 ____D C:\Program Files\TrueKey
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-15 15:55 - 2016-02-23 06:53 - 00001044 _____ C:\ProgramData\currdat.lst
2016-05-15 15:51 - 2014-12-23 15:59 - 00000000 ____D C:\Users\Dan\AppData\Local\ClipboardManager
2016-05-15 15:50 - 2014-12-27 08:04 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Earth Alerts
2016-05-15 15:48 - 2015-08-05 08:08 - 00000000 ____D C:\ProgramData\BOINC
2016-05-15 15:25 - 2014-12-26 09:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 15:00 - 2014-12-23 16:00 - 00568447 _____ C:\Users\Dan\Network_Meter_Data.js
2016-05-15 12:49 - 2009-07-13 23:45 - 00020816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 12:49 - 2009-07-13 23:45 - 00020816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 12:48 - 2015-04-30 10:01 - 00518424 _____ C:\Windows\system32\perfh011.dat
2016-05-15 12:48 - 2015-04-30 10:01 - 00168646 _____ C:\Windows\system32\perfc011.dat
2016-05-15 12:48 - 2015-04-30 09:45 - 00883860 _____ C:\Windows\system32\perfh00A.dat
2016-05-15 12:48 - 2015-04-30 09:45 - 00212984 _____ C:\Windows\system32\perfc00A.dat
2016-05-15 12:48 - 2015-04-30 09:35 - 00875916 _____ C:\Windows\system32\perfh010.dat
2016-05-15 12:48 - 2015-04-30 09:35 - 00198434 _____ C:\Windows\system32\perfc010.dat
2016-05-15 12:48 - 2009-07-14 00:13 - 03803218 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 12:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-15 12:41 - 2015-01-04 09:01 - 00000091 _____ C:\HaxLogs.txt
2016-05-15 12:41 - 2014-12-27 15:32 - 00000000 ____D C:\ProgramData\VMware
2016-05-15 12:41 - 2014-12-26 09:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 12:41 - 2014-12-23 15:58 - 00023242 _____ C:\Users\Dan\IP_Log_Data.js
2016-05-15 12:41 - 2014-12-23 11:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-15 12:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 12:38 - 2014-12-23 16:53 - 00000030 _____ C:\Users\Dan\AppData\Roaming\Network Meter_Usage.ini
2016-05-14 04:08 - 2015-02-02 09:12 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\LastPass
2016-05-13 14:47 - 2016-02-11 06:34 - 00000000 ____D C:\AdwCleaner
2016-05-13 12:36 - 2015-10-25 06:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-12 19:27 - 2014-12-26 09:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 13:03 - 2015-12-15 11:47 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-12 13:00 - 2015-12-15 11:47 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Raptr
2016-05-12 05:17 - 2015-10-10 07:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-05-12 03:02 - 2014-12-23 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 03:46 - 2009-07-13 23:45 - 00387776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 03:44 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 03:22 - 2014-12-23 12:00 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 03:03 - 2014-12-23 12:00 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 19:16 - 2015-12-06 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-05-10 19:16 - 2015-10-25 06:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-10 19:16 - 2015-06-30 12:18 - 00000000 ____D C:\Windows\SysWOW64\VC
2016-05-10 19:16 - 2015-01-19 06:42 - 00000000 ____D C:\Windows\pss
2016-05-10 19:16 - 2015-01-12 15:07 - 00000000 ____D C:\ProgramData\FLEXnet
2016-05-10 19:16 - 2014-12-27 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
2016-05-10 19:16 - 2014-12-27 08:00 - 00000000 ____D C:\Program Files (x86)\SIW 2011 Home Edition
2016-05-10 19:16 - 2014-12-23 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-10 19:16 - 2009-07-14 02:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-05-10 19:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-05-10 16:39 - 2015-07-26 09:02 - 00000000 ____D C:\Users\Dan\AppData\Roaming\GlarySoft
2016-05-10 16:39 - 2015-07-26 09:02 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-05-10 16:20 - 2014-12-26 09:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:20 - 2014-12-26 09:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 16:18 - 2014-12-23 11:31 - 00000000 ____D C:\Users\Dan
2016-05-10 15:24 - 2009-07-13 21:34 - 30146560 _____ C:\Windows\system32\config\SYSTEM.bak
2016-05-10 15:24 - 2009-07-13 21:34 - 249561088 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-05-10 15:24 - 2009-07-13 21:34 - 23068672 _____ C:\Windows\system32\config\DEFAULT.bak
2016-05-10 15:24 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-05-10 15:24 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-05-08 07:51 - 2015-11-02 06:56 - 00000000 ____D C:\Program Files (x86)\Vistumbler
2016-05-08 07:45 - 2015-10-25 06:42 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-08 07:45 - 2015-10-25 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-07 11:27 - 2015-01-13 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-07 11:21 - 2014-12-25 09:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-07 11:02 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-07 10:38 - 2015-07-21 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-05-07 10:38 - 2015-07-21 08:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-05-07 10:37 - 2015-12-16 10:23 - 00000000 ____D C:\ProgramData\Git
2016-05-07 10:37 - 2015-07-21 08:55 - 00000000 ____D C:\Program Files (x86)\Git
2016-05-07 10:10 - 2014-12-25 09:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-05-07 10:05 - 2014-12-25 09:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-07 09:59 - 2014-12-25 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-05-07 09:51 - 2014-12-25 10:42 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-05-07 09:47 - 2014-12-25 10:08 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-05-07 09:46 - 2014-12-25 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-05-07 09:24 - 2014-12-25 10:12 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2016-05-07 09:17 - 2015-07-21 08:32 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-05-07 09:15 - 2014-12-25 10:24 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-05-07 09:14 - 2015-07-21 09:09 - 00000000 ____D C:\Users\Dan\AppData\Local\VSIXInstaller
2016-05-07 09:13 - 2015-07-21 08:26 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-05-07 09:03 - 2014-12-23 17:24 - 03771186 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-07 08:57 - 2015-07-21 08:15 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-05-07 08:57 - 2014-12-25 10:08 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-05-07 08:48 - 2014-12-25 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-05-06 09:05 - 2014-12-27 15:36 - 00000000 ____D C:\Users\Dan\AppData\Local\VMware
2016-05-06 08:50 - 2014-12-27 15:36 - 00000000 ____D C:\Users\Dan\AppData\Roaming\VMware
2016-05-06 03:01 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 03:01 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-03 09:06 - 2014-12-26 09:22 - 00000175 _____ C:\ProgramData\LockFilePath.ini
2016-04-29 06:46 - 2015-08-05 11:31 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Arduino15
2016-04-28 06:36 - 2015-07-26 09:02 - 00003304 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-04-28 06:36 - 2015-07-26 09:02 - 00002964 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-04-28 06:31 - 2014-12-24 06:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-28 06:26 - 2016-03-30 08:07 - 00000000 ____D C:\Users\Dan\.yawcam
2016-04-28 05:17 - 2016-04-13 07:16 - 00000000 ____D C:\Users\Dan\AppData\Roaming\FileZilla
2016-04-28 05:02 - 2016-04-13 07:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-04-28 05:02 - 2016-04-13 07:16 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-04-27 06:44 - 2014-12-23 14:23 - 00000000 ____D C:\ProgramData\McAfee
2016-04-23 07:56 - 2015-11-05 07:27 - 00000600 _____ C:\Users\Dan\AppData\Local\PUTTY.RND
2016-04-23 05:03 - 2014-12-23 12:32 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Opera Software
2016-04-23 05:03 - 2014-12-23 12:32 - 00000000 ____D C:\Users\Dan\AppData\Local\Opera Software
2016-04-23 05:03 - 2014-12-23 12:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-22 02:57 - 2014-12-23 11:50 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-19 17:43 - 2015-01-04 09:01 - 00000000 ____D C:\Program Files\Intel
2016-04-19 17:34 - 2014-12-24 06:29 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-19 17:34 - 2014-12-24 06:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-19 17:34 - 2014-12-24 06:29 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-19 17:33 - 2014-12-23 14:21 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-02-02 09:12 - 2015-02-02 09:12 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-23 16:53 - 2016-05-15 12:38 - 0000030 _____ () C:\Users\Dan\AppData\Roaming\Network Meter_Usage.ini
2015-11-05 07:27 - 2016-04-23 07:56 - 0000600 _____ () C:\Users\Dan\AppData\Local\PUTTY.RND
2014-12-23 12:44 - 2015-08-20 12:48 - 0007626 _____ () C:\Users\Dan\AppData\Local\resmon.resmoncfg
2016-02-23 06:53 - 2016-05-15 15:55 - 0001044 _____ () C:\ProgramData\currdat.lst
2016-05-10 17:00 - 2016-05-15 15:55 - 0001044 _____ () C:\ProgramData\currdat.lst.tmp
2014-12-26 09:22 - 2016-05-03 09:06 - 0000175 _____ () C:\ProgramData\LockFilePath.ini
2014-12-25 11:00 - 2014-12-25 11:00 - 10485760 _____ () C:\ProgramData\WV5DataStore
 
Files to move or delete:
====================
C:\Users\Dan\IP_Log_Data.js
C:\Users\Dan\Network_Meter_Data.js
 
 
Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\libeay32.dll
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
C:\Users\Dan\AppData\Local\Temp\procexp64.exe
C:\Users\Dan\AppData\Local\Temp\speccycpuid.dll
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 09:39
 
==================== End of FRST.txt ============================

Thanks for your help,
 
Dan
 
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 PM

Posted 16 May 2016 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features applet.
KMSpico vx.x.x (HKLM\...\KMSpico_is1) (Version: x.x.x - )

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [741056 2015-11-29] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Include also the Addition.txt file that was created by the Farbar tool.

How is the computer running now?

#3 DanT

Posted 16 May 2016 - 11:30 AM

Thanks for your response.

 

There was no KMSpico program listed in Programs & Features to remove.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Dan (2016-05-16 11:13:27) Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [741056 2015-11-29] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\KMSpico\Service_KMS.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key not found. 
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value not found.
C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
Service KMSELDI => service not found.
"C:\Program Files\KMSpico" => not found.
"C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 2.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:16:04 ====
 
 
The computer seems to be normal right now. I don't know what was changed.
 
Dan

Attached Files


Edited by DanT, 16 May 2016 - 11:32 AM.


#4 nasdaq

Posted 16 May 2016 - 12:39 PM

Your addition.txt file is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 DanT

Posted 16 May 2016 - 01:10 PM

Does this mean that I do not have any viruses, trojans, worms or whatever?

 

Dan



#6 nasdaq

Posted 17 May 2016 - 06:17 AM

Not that I can see.

Any pending issues?

#7 DanT

Posted 17 May 2016 - 06:59 AM

No issues right now.  I'm going to make a system image and a full backup and continue onwards.

 

Thanks,

 

Dan



#8 nasdaq

Posted 23 May 2016 - 07:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



