Windows 7 Computer is trying to logon to my router


17 replies to this topic

#1 mar_initials

Posted 22 May 2016 - 01:03 PM

My Windows 7 computer keeps trying to log on to my router. It is not successful, but it's so persistent that the router often hangs. At that point, I have to reset the router so that my other devices can access the internet.

I run Avast antivirus, and it says the computer is clean.

I've tried running MalwareBytes, and now it says the computer is clean as well.

I've tried Sophos, TDSSKiller, RogueKiller, and HitmanPro - but none seem to be helpful.

I've moved the computer behind an old router that I configured on a different subnet - it continues to attack it, but at least my other devices don't suffer.

I've pasted the logs from the router below, as well as both logs from FRST64. Any help sure would be appreciated.

Michael

 

----- Log from the router -----------

 

Monday,09 May 2016 10:11:34 [TCP SYN Flood][Deny access policy matched, dropping packet] 
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for Admin from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for Admin from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for Administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for Administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for root from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for root from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for Gearguy from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for cusadmin from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for super from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for superman from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for superuser from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for Admin from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for Admin from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for Administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for Administrator from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for User from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for User from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for Username from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for  from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for adm from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for admim from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin2 from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin2 from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:11 Authentication attempt failed for TMARDLKT93319 from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for ZXDSL from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for DXDSL from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for ADSL from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for comcast from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for customer from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for login from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for login from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for login from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for manager from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for root from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for root from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for root from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for smc from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for support from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for sysadm from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for user from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for user from 192.168.3.60 because: Invalid Username
Monday,09 May 2016 10:55:11 Authentication attempt failed for user from 192.168.3.60 because: Invalid Username

 

----------  End Router Log  -------------------

 

------ FRST.txt ---------------

  

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Ben (ATTENTION: The user is not administrator) on BEN-PC (22-05-2016 12:19:17)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FBAgent.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> UpdateService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> AvastVBoxSVC.exe
Failed to access process -> svchost.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> HControl.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> ATKOSD.exe
Failed to access process -> KBFiltr.exe
Failed to access process -> WDC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
Failed to access process -> armsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> LMS.exe
Failed to access process -> svchost.exe
Failed to access process -> UNS.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> sppsvc.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
Failed to access process -> taskeng.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\MountPoints2: {ebddf37a-d535-11e1-afb0-c86000449414} - F:\LaunchU3.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{08D34172-7635-4E5F-A61F-813CE16911D4}: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{9DEBBBEE-3108-4204-8350-25B9DFD1C405}: [DhcpNameServer] 192.168.3.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Wondershare AllMyTube 4.7.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-09-16] (Wondershare)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC}
DPF: HKLM-x32 {23C36C53-9D4E-4860-96A8-E3AB44A209E7} hxxps://secure.accessacs.com/access/changerequest/AccessACSCR.ocx
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3191172797-3150339674-2304963226-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ben\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-02] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [support@acs-ids.com] - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows
FF Extension: IDS IDS Server - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows [2014-09-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: Wondershare AllMyTube - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2015-12-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR StartupUrls: Default -> "about:blank"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-04]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-09] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-02] (Microsoft Corporation)
R2 GGUpdateClient; C:\Program Files (x86)\IDS LLC\IDS\Client\UpdateService.exe [108664 2012-09-21] (IDS Links)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MEMSWEEP2; C:\Windows\system32\31E.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-09] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-20] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-09] (Avast Software)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-22 12:19 - 2016-05-22 12:19 - 00020836 _____ C:\Users\Ben\Desktop\FRST.txt
2016-05-22 12:19 - 2016-05-22 12:19 - 00000000 ____D C:\FRST
2016-05-22 12:18 - 2016-05-22 12:17 - 02383360 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-05-22 12:17 - 2016-05-22 12:17 - 02383360 _____ (Farbar) C:\Users\Ben\Downloads\FRST64.exe
2016-05-20 19:31 - 2016-05-20 19:31 - 09096848 _____ (SurfRight B.V.) C:\Users\Ben\Downloads\HitmanPro.exe
2016-05-20 18:59 - 2016-05-20 18:59 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-20 18:58 - 2016-05-20 19:47 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-20 18:56 - 2016-05-20 18:56 - 19840072 _____ C:\Users\Ben\Downloads\RogueKiller.exe
2016-05-19 16:44 - 2016-05-19 16:45 - 01835048 _____ (LogMeIn, Inc.) C:\Users\Ben\Downloads\Support-LogMeInRescue (1).exe
2016-05-19 10:47 - 2016-05-19 10:47 - 01081227 _____ C:\Users\Ben\Downloads\Robious Landing Park (L) (1).pdf
2016-05-19 10:47 - 2016-05-19 10:47 - 00191377 _____ C:\Users\Ben\Downloads\Picnic Shelter Reservation Form.pdf
2016-05-19 10:46 - 2016-05-19 10:46 - 01081227 _____ C:\Users\Ben\Downloads\Robious Landing Park (L).pdf
2016-05-18 20:07 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\31E.tmp
2016-05-18 19:57 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DBEE.tmp
2016-05-15 19:23 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-05-15 19:23 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-05-15 19:23 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-05-15 19:23 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-05-15 18:35 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-05-15 18:35 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-05-15 18:35 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-15 18:35 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-05-15 18:34 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DE9D.tmp
2016-05-15 18:15 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\379.tmp
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 ____D C:\Users\Admin
2016-05-15 17:42 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-05-15 17:42 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-05-15 17:42 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-05-15 17:42 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-05-15 17:42 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-05-15 17:42 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-05-15 17:42 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-05-15 17:42 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-05-15 17:42 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-05-15 17:42 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-05-15 17:39 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-05-15 17:39 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2016-05-15 17:39 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-05-15 17:39 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-05-15 17:39 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\2E9E.tmp
2016-05-15 17:31 - 2016-03-09 15:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-15 17:31 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-15 17:31 - 2016-03-09 14:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-15 17:31 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-15 17:31 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-05-15 17:31 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-05-15 17:31 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-05-15 17:31 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-05-15 17:31 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-05-15 17:31 - 2015-12-16 10:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-05-15 17:31 - 2015-12-16 10:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-05-15 17:31 - 2015-08-05 13:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-05-15 17:31 - 2015-08-05 13:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-05-14 21:24 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\85A4.tmp
2016-05-14 21:10 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\AD00.tmp
2016-05-12 15:53 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\8B6F.tmp
2016-05-12 15:47 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\1BE9.tmp
2016-05-11 22:18 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 22:18 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 22:18 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 22:18 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 22:18 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 22:18 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 22:18 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 22:18 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 22:18 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 22:18 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 22:18 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 22:18 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 22:18 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 22:18 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 22:18 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 22:18 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 22:18 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 22:18 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 22:18 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 22:18 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 22:18 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 22:18 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 22:18 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 22:18 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 22:18 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 22:18 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 22:18 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 22:18 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 22:18 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 22:18 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 22:18 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 22:18 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 22:18 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 22:18 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 22:18 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 22:18 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 22:18 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 22:18 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 22:18 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 22:18 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 22:18 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-11 22:18 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-11 22:18 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-11 22:18 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-11 22:18 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-05-11 22:18 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-05-11 22:18 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-05-11 22:18 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-11 22:18 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-11 22:18 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-11 22:18 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-05-11 22:18 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-11 22:18 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-05-11 22:18 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-05-11 22:18 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-11 22:18 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-11 22:18 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-11 22:18 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-11 22:18 - 2016-01-22 02:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-11 22:18 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-05-11 22:18 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-05-11 22:18 - 2016-01-22 02:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-11 22:18 - 2016-01-22 02:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-11 22:18 - 2016-01-22 02:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-11 22:18 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-05-11 22:18 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-05-11 22:18 - 2016-01-22 02:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-11 22:18 - 2016-01-22 01:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-11 22:18 - 2016-01-22 01:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-11 22:18 - 2016-01-22 01:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-11 22:18 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-11 22:18 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-11 22:17 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 22:17 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 22:17 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 22:17 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 22:17 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 22:17 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 22:17 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 22:17 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 22:17 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 22:17 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 22:17 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 22:17 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 22:17 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 22:17 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 22:17 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 22:17 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 22:17 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 22:17 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 22:17 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 22:17 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 22:17 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 22:17 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 22:17 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 22:17 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 22:17 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 22:17 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 22:17 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 22:17 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 22:17 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 22:17 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 22:17 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 22:17 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 22:17 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 22:17 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 22:17 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 22:17 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 22:17 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 22:17 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 22:17 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 22:17 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 22:17 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 22:17 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:17 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 22:17 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-11 22:17 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-11 22:17 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-11 22:17 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-11 22:17 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-11 22:17 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-05-11 22:17 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-05-11 22:17 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 22:17 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 22:17 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-11 22:17 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-05-11 22:17 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-05-11 22:17 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-05-11 22:17 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-05-11 22:17 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-05-11 22:17 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-05-11 22:17 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-05-11 22:17 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-05-11 22:17 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-05-11 22:17 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-05-11 22:17 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-05-11 22:17 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-05-11 22:17 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-05-11 22:17 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-05-11 22:17 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-11 22:17 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-05-11 22:17 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-11 22:17 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-05-11 22:17 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-05-11 22:17 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-05-11 22:17 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-05-11 22:17 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-11 22:17 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-05-11 22:17 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-05-11 22:17 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-05-11 22:17 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-05-11 22:17 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-05-11 22:17 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-05-11 22:17 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-05-11 22:17 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-05-11 22:17 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-05-11 22:17 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-11 22:17 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-05-11 22:17 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-05-11 22:17 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-05-11 22:10 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 22:10 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 21:08 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\387F.tmp
2016-05-11 21:07 - 2016-05-11 21:07 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Ben\Downloads\setup.exe
2016-05-11 21:07 - 2016-05-11 21:07 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Ben\Downloads\setup (1).exe
2016-05-11 20:53 - 2016-05-20 19:50 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-11 20:53 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\5791.tmp
2016-05-11 20:51 - 2016-05-11 20:53 - 00217486 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_20.51.10_log.txt
2016-05-09 20:29 - 2016-05-20 19:51 - 00000085 _____ C:\Windows\wininit.ini
2016-05-08 12:14 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160508-121440.backup
2016-05-08 11:04 - 2016-05-08 11:04 - 00000000 ____D C:\Users\Ben\Documents\ProcAlyzer Dumps
2016-05-08 09:19 - 2016-05-20 20:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-08 09:19 - 2016-05-20 19:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-04 19:40 - 2016-05-15 17:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-02 17:45 - 2016-05-02 17:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-01 16:31 - 2016-05-01 16:31 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-01 16:31 - 2016-05-01 16:31 - 00000000 ____D C:\Program Files\CCleaner
2016-05-01 16:30 - 2016-05-01 16:30 - 06882192 _____ (Piriform Ltd) C:\Users\Ben\Downloads\ccsetup517.exe
2016-05-01 16:09 - 2016-05-01 16:09 - 00000000 ____D C:\Users\Ben\AppData\Local\{F2F75982-8982-4A8B-8B26-7165203A4D54}
2016-05-01 08:09 - 2016-05-01 08:09 - 01501155 _____ C:\Users\Ben\Documents\Secret Church complete book.pdf
2016-04-26 13:46 - 2016-04-26 13:46 - 00000326 _____ C:\Users\Ben\Downloads\webinar-appointment.ics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-22 12:19 - 2015-09-17 19:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 11:33 - 2012-03-06 06:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-22 06:26 - 2009-07-14 00:45 - 00026464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 06:26 - 2009-07-14 00:45 - 00026464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 20:33 - 2012-03-06 06:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 20:00 - 2012-07-26 22:25 - 00000000 ____D C:\Program Files\Google
2016-05-20 20:00 - 2012-03-06 06:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-20 20:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 19:51 - 2016-01-16 13:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-20 19:49 - 2013-03-20 20:00 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-05-20 19:35 - 2012-08-07 12:59 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
2016-05-20 05:43 - 2014-09-22 15:35 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-20 05:41 - 2014-09-22 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-19 17:12 - 2014-10-23 11:36 - 00000000 ____D C:\Users\Ben\Documents\Business Meetings
2016-05-19 16:19 - 2015-02-03 12:20 - 00000000 ____D C:\Users\Ben\Documents\Constant Contact
2016-05-19 16:01 - 2012-11-15 09:48 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2016-05-19 10:27 - 2013-01-28 17:13 - 00000759 _____ C:\Users\Ben\Desktop\Welcome to Google Docs.website
2016-05-18 19:28 - 2015-12-08 17:03 - 00000000 ____D C:\Users\Ben\Documents\Security Team
2016-05-18 17:59 - 2014-06-16 11:38 - 00000042 _____ C:\Users\Ben\pdfprint.dat
2016-05-18 16:17 - 2012-07-10 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\Microsoft Help
2016-05-16 19:36 - 2013-02-27 16:20 - 00009312 _____ C:\Users\Ben\AppData\Roaming\Comma Separated Values (Windows).EML
2016-05-16 09:38 - 2012-08-07 12:00 - 00084480 _____ C:\Users\Ben\Desktop\Sunday School Attendance current.XLS
2016-05-16 08:36 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Ben\Documents\2016 Budget
2016-05-15 22:19 - 2015-09-17 19:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 22:19 - 2015-09-17 19:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 21:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-15 18:48 - 2009-07-14 01:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-15 18:48 - 2009-07-14 00:45 - 00464040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:46 - 2014-12-17 11:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-15 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-15 17:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-15 17:40 - 2009-07-14 01:13 - 00782574 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 17:38 - 2012-03-06 06:49 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-15 17:35 - 2014-09-12 11:48 - 00775188 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-15 08:17 - 2015-09-14 12:20 - 00000000 ____D C:\Users\Ben\AppData\Local\WORDsearch 11
2016-05-14 21:08 - 2012-03-22 10:27 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2016-05-12 15:46 - 2015-11-29 20:27 - 00000000 ____D C:\Users\Ben\Documents\Romans
2016-05-12 13:15 - 2013-05-16 13:59 - 00000000 ____D C:\Users\Ben\Documents\Banner
2016-05-12 03:42 - 2015-04-04 13:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-12 03:42 - 2015-04-04 13:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-12 03:42 - 2014-04-27 07:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-05-12 03:42 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:11 - 2013-09-07 18:18 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 03:00 - 2014-09-12 12:50 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 19:35 - 2012-10-03 08:18 - 00000000 ____D C:\Users\Ben\Documents\Hope Class
2016-05-09 13:49 - 2014-12-02 12:33 - 00000000 ____D C:\Users\Ben\Documents\Personnel
2016-05-08 12:14 - 2009-07-13 22:34 - 00452402 ____R C:\Windows\system32\Drivers\etc\hosts.20160509-202910.backup
2016-05-08 09:23 - 2012-03-22 10:25 - 00003026 _____ C:\Windows\system32\AutoRunFilter.ini
2016-05-08 09:23 - 2012-03-22 10:25 - 00001817 _____ C:\Windows\system32\ServiceFilter.ini
2016-05-08 09:21 - 2015-12-03 09:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-04 17:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-04 15:42 - 2013-10-30 15:41 - 00000000 ____D C:\Users\Ben\Documents\Financial Administrative Assistant
2016-05-04 12:41 - 2014-08-13 13:03 - 00000000 ____D C:\Users\Ben\Documents\Deacons
2016-05-03 11:09 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-03 10:58 - 2015-06-18 08:50 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA.job
2016-05-03 10:58 - 2015-06-18 08:50 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core.job
2016-05-02 17:45 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-02 13:40 - 2014-08-18 12:40 - 00000000 ____D C:\Users\Ben\Documents\Sunday School
2016-05-01 16:51 - 2014-09-12 09:53 - 00000000 ____D C:\Windows\pss
 
==================== Files in the root of some directories =======
 
2014-03-10 19:50 - 2014-03-10 19:50 - 0038469 _____ () C:\Users\Ben\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-08-09 14:09 - 2014-08-18 17:11 - 0038334 _____ () C:\Users\Ben\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-02-27 16:20 - 2016-05-16 19:36 - 0009312 _____ () C:\Users\Ben\AppData\Roaming\Comma Separated Values (Windows).EML
2014-09-21 21:48 - 2014-09-21 21:48 - 0003584 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-16 15:44 - 2015-03-16 15:44 - 0000036 _____ () C:\Users\Ben\AppData\Local\housecall.guid.cache
2015-07-21 14:05 - 2015-07-21 14:05 - 0000017 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg
2015-07-22 10:31 - 2015-08-10 14:57 - 0000010 _____ () C:\Users\Ben\AppData\Local\sponge.last.runtime.cache
2015-09-16 20:41 - 2015-09-16 20:41 - 0000000 _____ () C:\Users\Ben\AppData\Local\{E89B285E-55D5-4F68-AB71-F08B58DCD371}
2016-01-16 13:47 - 2016-04-13 17:34 - 0007522 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Ben\pdfprint.dat
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================

------- End FRST.txt  ------------

 

----------  Additions.txt  -------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by Ben (2016-05-22 12:19:53)
Running from C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-12 15:43:36)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Admin (S-1-5-21-3191172797-3150339674-2304963226-1006 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3191172797-3150339674-2304963226-500 - Administrator - Disabled)
Ben (S-1-5-21-3191172797-3150339674-2304963226-1001 - Limited - Enabled) => C:\Users\Ben
Guest (S-1-5-21-3191172797-3150339674-2304963226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3191172797-3150339674-2304963226-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities 2.47.0.1539 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.47.0.1539 - Glarysoft Ltd)
Google Apps Migration For Microsoft Outlook® 4.0.29.9 (HKLM-x32\...\{E8248BD6-6294-4CF6-9CF9-BDAAC0CC8253}) (Version: 4.0.29.9 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IDS Client (HKLM-x32\...\{4EE4B3B1-39EC-42DB-9693-14EA20C0C48F}) (Version: 4.5.0.13211 - IDS Links)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TOSHIBA e-STUDIO AddressBook Viewer (HKLM\...\{F85C8C60-6A59-4E4F-947D-5FB4EEB0E2CC}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{0371781F-538F-49A3-AC5B-2992ADE220AE}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO Remote Scan driver (HKLM-x32\...\{1F061DB3-28AA-44B9-8FDD-64D3C25B3BCD}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO TWAIN Driver (HKLM-x32\...\{02DBF734-C4B0-4D0C-B17C-0A9DB1B5C4D8}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
Uniquely You for Windows 16-Gift (HKLM-x32\...\Unique16) (Version:  - )
Uniquely You on the Web (HKLM-x32\...\UniqWeb) (Version:  - )
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Wondershare AllMyTube(Build 4.7.0.1) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.7.0.1 - Wondershare Software)
WORDsearch 11 (HKLM-x32\...\WORDsearch 11) (Version:  - LifeWay)
WORDsearch 11 (x32 Version: 11 - WORDsearch Corp) Hidden
WORDsearch Installer (HKLM-x32\...\WORDsearch Installer) (Version:  - LifeWay)
WORDsearch Installer (x32 Version: 10 - WORDsearch Corp) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3191172797-3150339674-2304963226-1001.job => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3191172797-3150339674-2304963226-1001.job => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>  <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-14 18:10 - 2016-05-02 07:01 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-12-14 02:42 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-05-09 20:29 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.35.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mctadmin => C:\Windows\System32\mctadmin.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: ZipScript => C:\Program Files (x86)\WORDsearch 11\ZipScript.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6ABF5A44-E99D-4D5D-868C-005F2FFF9876}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{E93285D4-EBB9-47DF-8DB3-2869C70CD322}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{4837885A-87E0-4918-B8B7-CA18A2A0BA84}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [IDS Client Launcher-In-UDP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-Out-TCP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-In-TCP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-Out-UDP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [UDP Query User{4E8D21D5-186C-432C-AD90-7B2E38068014}C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{60FA67E2-19F9-4EA6-B75E-B9BCD73C2DF0}C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{95473F45-6317-4F0A-9965-AE6F85063826}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{829FFAB2-B901-4FEE-AF4E-44BD21C3690E}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{203182F8-499F-4B27-9C52-73D28EC951FD}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{958CECB7-9A7A-40E0-B322-15ED7782833C}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [{4E95D625-CBBD-4190-AE1A-B62014615E39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75949EDD-4E24-4BE3-B8A8-3E12EABE7645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01E32914-5F5B-40E7-BD55-FBD19B5FB361}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F28DFE9-135D-4AA8-AD78-739E48FEF597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E474D80-F1CF-4B06-9AA6-8ECE5051BA79}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B70F1A94-0081-44CC-A107-D20A439EF583}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E6270FE6-9CFE-41B0-8138-DA4F0713BF99}] => (Allow) LPort=1900
FirewallRules: [{39AAC38A-96B4-4FEE-935D-3A979E122D68}] => (Allow) LPort=2869
FirewallRules: [{13D0D4AD-D0AF-4ACD-946A-526C30C7005A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{5E0C7B0B-E1FB-487A-B0F0-81FE59459797}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [UDP Query User{C3E8C7BC-3566-40A2-A6E7-D5979F266E81}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [{10EBD328-1DA7-452C-BDA6-DA51F6BC09F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3CFEACD-6610-4EC7-9AB4-755DD9527157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C9D0793-5551-44B1-A134-B8AFC03574FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{018FA3A4-09A2-42B7-BA40-761D8E858D46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{827F1F15-5281-4FFD-A6D6-30B7241E7A49}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [UDP Query User{CF4C1F88-5C15-4DBB-84F7-1672F9C88103}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{05AB38EF-940D-4C48-A6BC-F32BD2FC38B0}] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{CE789D3A-1148-4C07-A665-E0DE9108278B}] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [TCP Query User{AD1B55FD-0E5A-4B50-8AD0-C3A08A864946}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [UDP Query User{36F8F629-8FB6-444B-84BE-B8D899A7AFCD}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [{1161B428-EC48-4AAB-94A7-B8EC79415584}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3B3C10DE-3C30-4142-9296-B57CB7731959}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2055DD44-4B9C-41DD-9C6D-E7DFCD4C0657}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C02BFF1-7244-48F2-824F-730C6BB7BD1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A8179EA9-BE56-41DB-82E8-FD7B7BD50B15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{25F08F09-D1EC-44BB-A708-1FF5AC8172DA}C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{091E7DFA-CCC8-435D-863D-F35DE4FB91A2}C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe] => Enabled:IDS Client Launcher
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe] => Enabled:IDS Client Launcher
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 

==================== Faulty Device Manager Devices =============
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/22/2016 10:47:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/22/2016 03:02:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x142c
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/21/2016 03:48:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (05/21/2016 02:05:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (05/21/2016 04:52:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x1530
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/20/2016 08:47:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/20/2016 03:09:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x1210
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/20/2016 01:46:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/19/2016 06:34:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/19/2016 04:04:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x1760
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 

System errors:
=============
Error: (05/22/2016 03:02:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/21/2016 04:52:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/20/2016 08:02:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/20/2016 08:01:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/20/2016 08:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3
 
Error: (05/20/2016 06:59:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/20/2016 03:09:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/19/2016 04:04:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/18/2016 09:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error:
%%1275
 
Error: (05/18/2016 09:28:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\system32\31E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 

CodeIntegrity:
===================================
  Date: 2016-05-18 21:28:24.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:24.309
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:23.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:23.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 20:07:03.735
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 20:07:03.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 19:57:03.928
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DBEE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 19:57:03.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DBEE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-15 18:34:50.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DE9D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-15 18:34:50.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DE9D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 7969.14 MB
Available physical RAM: 5571.1 MB
Total Virtual: 15936.46 MB
Available Virtual: 13421.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:96.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:254.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 

-------- End Additions.txt  ----------------




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 27 May 2016 - 09:04 AM

Greetings Michael and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please rerun FRST making sure Addition.txt is checked. You must right click on the icon and select Run as administrator. In addition, please do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Frst.txt
  • Addition.txt
  • RogueKiller log
  • MTB log
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 mar_initials

Posted 27 May 2016 - 10:51 PM

Gary -

Thanks so much for your help. When I ran the MiniToolBox - it stated that I did not run it as an administrator. I ran it a second time as an administrator - and am uploading both logs.

When AdwCleaner rebooted the laptop - it did not bring up a text file when I logged on. I searched for .txt files on the laptop dated today, and found two that seemed to have been created by adwcleaner. I have uploaded both.

I apologize in advance if this was not the right course of action - and again, thanks so much for your help.

Michael

-----------------  frst.txt  -----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Admin (administrator) on BEN-PC (27-05-2016 22:31:39)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & Admin (Available Profiles: Ben & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(IDS Links) C:\Program Files (x86)\IDS LLC\IDS\Client\UpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\MountPoints2: {ebddf37a-d535-11e1-afb0-c86000449414} - F:\LaunchU3.exe
HKU\S-1-5-21-3191172797-3150339674-2304963226-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{08D34172-7635-4E5F-A61F-813CE16911D4}: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{9DEBBBEE-3108-4204-8350-25B9DFD1C405}: [DhcpNameServer] 192.168.3.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Wondershare AllMyTube 4.7.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-09-16] (Wondershare)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC}
DPF: HKLM-x32 {23C36C53-9D4E-4860-96A8-E3AB44A209E7} hxxps://secure.accessacs.com/access/changerequest/AccessACSCR.ocx
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3191172797-3150339674-2304963226-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ben\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-02] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [support@acs-ids.com] - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows
FF Extension: IDS IDS Server - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows [2014-09-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: Wondershare AllMyTube - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2015-12-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-09] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-02] (Microsoft Corporation)
R2 GGUpdateClient; C:\Program Files (x86)\IDS LLC\IDS\Client\UpdateService.exe [108664 2012-09-21] (IDS Links)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MEMSWEEP2; C:\Windows\system32\31E.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-09] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-20] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-09] (Avast Software)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 22:31 - 2016-05-27 22:31 - 00019156 _____ C:\Users\Ben\Desktop\FRST.txt
2016-05-22 12:19 - 2016-05-27 22:31 - 00000000 ____D C:\FRST
2016-05-22 12:18 - 2016-05-22 12:17 - 02383360 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-05-22 12:17 - 2016-05-22 12:17 - 02383360 _____ (Farbar) C:\Users\Ben\Downloads\FRST64.exe
2016-05-20 19:51 - 2016-05-20 19:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Yahoo!
2016-05-20 19:31 - 2016-05-20 19:31 - 09096848 _____ (SurfRight B.V.) C:\Users\Ben\Downloads\HitmanPro.exe
2016-05-20 19:16 - 2016-05-20 19:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2016-05-20 18:59 - 2016-05-20 18:59 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-20 18:58 - 2016-05-20 19:47 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-20 18:58 - 2016-05-20 18:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2016-05-20 18:56 - 2016-05-20 18:56 - 19840072 _____ C:\Users\Ben\Downloads\RogueKiller.exe
2016-05-19 16:44 - 2016-05-19 16:45 - 01835048 _____ (LogMeIn, Inc.) C:\Users\Ben\Downloads\Support-LogMeInRescue (1).exe
2016-05-19 10:47 - 2016-05-19 10:47 - 01081227 _____ C:\Users\Ben\Downloads\Robious Landing Park (L) (1).pdf
2016-05-19 10:47 - 2016-05-19 10:47 - 00191377 _____ C:\Users\Ben\Downloads\Picnic Shelter Reservation Form.pdf
2016-05-19 10:46 - 2016-05-19 10:46 - 01081227 _____ C:\Users\Ben\Downloads\Robious Landing Park (L).pdf
2016-05-18 20:07 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\31E.tmp
2016-05-18 19:57 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DBEE.tmp
2016-05-15 19:23 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-05-15 19:23 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-05-15 19:23 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-05-15 19:23 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-05-15 19:23 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-05-15 18:35 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-05-15 18:35 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-05-15 18:35 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-15 18:35 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-05-15 18:34 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DE9D.tmp
2016-05-15 18:15 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\379.tmp
2016-05-15 18:14 - 2016-05-20 19:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-05-15 18:14 - 2016-05-15 18:14 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 _SHDL C:\Users\Admin\My Documents
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 _SHDL C:\Users\Admin\Documents\My Videos
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 _SHDL C:\Users\Admin\Documents\My Pictures
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 _SHDL C:\Users\Admin\Documents\My Music
2016-05-15 18:14 - 2016-05-15 18:14 - 00000000 ____D C:\Users\Admin
2016-05-15 18:14 - 2015-12-07 13:09 - 00002106 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-15 18:14 - 2014-09-12 11:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software
2016-05-15 18:14 - 2014-09-12 11:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2016-05-15 18:14 - 2013-12-17 21:52 - 00002106 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-05-15 18:14 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Media Center Programs
2016-05-15 17:42 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-05-15 17:42 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-05-15 17:42 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-05-15 17:42 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-05-15 17:42 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-05-15 17:42 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-05-15 17:42 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-05-15 17:42 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-05-15 17:42 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-05-15 17:42 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-05-15 17:39 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-05-15 17:39 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2016-05-15 17:39 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-05-15 17:39 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-05-15 17:39 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\2E9E.tmp
2016-05-15 17:31 - 2016-03-09 15:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-15 17:31 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-15 17:31 - 2016-03-09 14:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-15 17:31 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-15 17:31 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-05-15 17:31 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-05-15 17:31 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-05-15 17:31 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-05-15 17:31 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-05-15 17:31 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-05-15 17:31 - 2015-12-16 10:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-05-15 17:31 - 2015-12-16 10:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-05-15 17:31 - 2015-08-05 13:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-05-15 17:31 - 2015-08-05 13:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-05-14 21:24 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\85A4.tmp
2016-05-14 21:10 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\AD00.tmp
2016-05-12 15:53 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\8B6F.tmp
2016-05-12 15:47 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\1BE9.tmp
2016-05-11 22:18 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 22:18 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 22:18 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 22:18 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 22:18 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 22:18 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 22:18 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 22:18 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 22:18 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 22:18 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 22:18 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 22:18 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 22:18 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 22:18 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 22:18 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 22:18 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 22:18 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 22:18 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 22:18 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 22:18 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 22:18 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 22:18 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 22:18 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 22:18 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 22:18 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 22:18 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 22:18 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 22:18 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 22:18 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 22:18 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 22:18 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 22:18 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 22:18 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 22:18 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 22:18 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 22:18 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 22:18 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 22:18 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 22:18 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 22:18 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 22:18 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 22:18 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-11 22:18 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-11 22:18 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-11 22:18 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-11 22:18 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-11 22:18 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-05-11 22:18 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-05-11 22:18 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-05-11 22:18 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-11 22:18 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-11 22:18 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-11 22:18 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-11 22:18 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-05-11 22:18 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-11 22:18 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-05-11 22:18 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-05-11 22:18 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-11 22:18 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-11 22:18 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-11 22:18 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-11 22:18 - 2016-01-22 02:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-11 22:18 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-05-11 22:18 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-05-11 22:18 - 2016-01-22 02:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-11 22:18 - 2016-01-22 02:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-11 22:18 - 2016-01-22 02:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-11 22:18 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-05-11 22:18 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-05-11 22:18 - 2016-01-22 02:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-11 22:18 - 2016-01-22 01:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-11 22:18 - 2016-01-22 01:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-11 22:18 - 2016-01-22 01:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-11 22:18 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-11 22:18 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-11 22:17 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 22:17 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 22:17 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 22:17 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 22:17 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 22:17 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 22:17 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 22:17 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 22:17 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 22:17 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 22:17 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 22:17 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 22:17 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 22:17 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 22:17 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 22:17 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 22:17 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 22:17 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 22:17 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 22:17 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 22:17 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 22:17 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 22:17 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 22:17 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 22:17 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 22:17 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 22:17 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 22:17 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 22:17 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 22:17 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 22:17 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 22:17 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 22:17 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 22:17 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 22:17 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 22:17 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 22:17 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 22:17 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 22:17 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 22:17 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 22:17 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 22:17 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 22:17 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 22:17 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 22:17 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 22:17 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 22:17 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:17 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:17 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 22:17 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-11 22:17 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-11 22:17 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-11 22:17 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-11 22:17 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-11 22:17 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-11 22:17 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-05-11 22:17 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-05-11 22:17 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 22:17 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 22:17 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-11 22:17 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-05-11 22:17 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-05-11 22:17 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-05-11 22:17 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-05-11 22:17 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-05-11 22:17 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-05-11 22:17 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-05-11 22:17 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-05-11 22:17 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-05-11 22:17 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-05-11 22:17 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-05-11 22:17 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-05-11 22:17 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-05-11 22:17 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-05-11 22:17 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-11 22:17 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-05-11 22:17 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-11 22:17 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-05-11 22:17 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-05-11 22:17 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-05-11 22:17 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-05-11 22:17 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-11 22:17 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-05-11 22:17 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-05-11 22:17 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-05-11 22:17 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-05-11 22:17 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-05-11 22:17 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-05-11 22:17 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-05-11 22:17 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-05-11 22:17 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-05-11 22:17 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-11 22:17 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-05-11 22:17 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-05-11 22:17 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-05-11 22:17 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-05-11 22:10 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 22:10 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 21:08 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\387F.tmp
2016-05-11 21:07 - 2016-05-11 21:07 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Ben\Downloads\setup.exe
2016-05-11 21:07 - 2016-05-11 21:07 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Ben\Downloads\setup (1).exe
2016-05-11 20:53 - 2016-05-20 19:50 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-11 20:53 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\5791.tmp
2016-05-11 20:51 - 2016-05-11 20:53 - 00217486 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_20.51.10_log.txt
2016-05-09 20:29 - 2016-05-20 19:51 - 00000085 _____ C:\Windows\wininit.ini
2016-05-08 12:14 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160508-121440.backup
2016-05-08 11:04 - 2016-05-08 11:04 - 00000000 ____D C:\Users\Ben\Documents\ProcAlyzer Dumps
2016-05-08 09:19 - 2016-05-20 20:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-08 09:19 - 2016-05-20 19:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-08 09:19 - 2016-05-08 09:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-05-04 19:40 - 2016-05-15 17:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-02 17:45 - 2016-05-02 17:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-01 16:31 - 2016-05-16 19:45 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-01 16:31 - 2016-05-01 16:31 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-01 16:31 - 2016-05-01 16:31 - 00000000 ____D C:\Program Files\CCleaner
2016-05-01 16:30 - 2016-05-01 16:30 - 06882192 _____ (Piriform Ltd) C:\Users\Ben\Downloads\ccsetup517.exe
2016-05-01 16:09 - 2016-05-01 16:09 - 00000000 ____D C:\Users\Ben\AppData\Local\{F2F75982-8982-4A8B-8B26-7165203A4D54}
2016-05-01 08:09 - 2016-05-01 08:09 - 01501155 _____ C:\Users\Ben\Documents\Secret Church complete book.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 22:27 - 2014-03-15 20:48 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
2016-05-27 22:19 - 2015-09-17 19:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 21:33 - 2012-03-06 06:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 21:22 - 2009-07-14 00:45 - 00026464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 21:22 - 2009-07-14 00:45 - 00026464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 20:33 - 2012-03-06 06:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-26 03:00 - 2015-04-04 13:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:00 - 2015-04-04 13:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-20 20:00 - 2012-07-26 22:25 - 00000000 ____D C:\Program Files\Google
2016-05-20 20:00 - 2012-03-06 06:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-20 20:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 19:51 - 2016-01-16 13:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-20 19:49 - 2013-03-20 20:00 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-05-20 19:35 - 2012-08-07 12:59 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
2016-05-20 05:43 - 2014-09-22 15:35 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-20 05:41 - 2014-09-22 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-19 17:12 - 2014-10-23 11:36 - 00000000 ____D C:\Users\Ben\Documents\Business Meetings
2016-05-19 16:19 - 2015-02-03 12:20 - 00000000 ____D C:\Users\Ben\Documents\Constant Contact
2016-05-19 16:01 - 2012-11-15 09:48 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2016-05-19 10:27 - 2013-01-28 17:13 - 00000759 _____ C:\Users\Ben\Desktop\Welcome to Google Docs.website
2016-05-18 19:28 - 2015-12-08 17:03 - 00000000 ____D C:\Users\Ben\Documents\Security Team
2016-05-18 17:59 - 2014-06-16 11:38 - 00000042 _____ C:\Users\Ben\pdfprint.dat
2016-05-18 16:17 - 2012-07-10 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\Microsoft Help
2016-05-16 19:36 - 2013-02-27 16:20 - 00009312 _____ C:\Users\Ben\AppData\Roaming\Comma Separated Values (Windows).EML
2016-05-16 09:38 - 2012-08-07 12:00 - 00084480 _____ C:\Users\Ben\Desktop\Sunday School Attendance current.XLS
2016-05-16 08:36 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Ben\Documents\2016 Budget
2016-05-15 22:19 - 2015-09-17 19:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 22:19 - 2015-09-17 19:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 22:19 - 2015-09-17 19:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-15 21:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-15 18:48 - 2009-07-14 01:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-15 18:48 - 2009-07-14 00:45 - 00464040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:46 - 2014-12-17 11:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-15 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-15 17:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-15 17:40 - 2009-07-14 01:13 - 00782574 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 17:38 - 2012-03-06 06:49 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-15 17:35 - 2014-09-12 11:48 - 00775188 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-15 17:22 - 2015-08-23 21:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-15 08:17 - 2015-09-14 12:20 - 00000000 ____D C:\Users\Ben\AppData\Local\WORDsearch 11
2016-05-14 21:08 - 2012-03-22 10:27 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2016-05-12 15:46 - 2015-11-29 20:27 - 00000000 ____D C:\Users\Ben\Documents\Romans
2016-05-12 13:15 - 2013-05-16 13:59 - 00000000 ____D C:\Users\Ben\Documents\Banner
2016-05-12 03:42 - 2014-04-27 07:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-05-12 03:42 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:11 - 2013-09-07 18:18 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 03:00 - 2014-09-12 12:50 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 19:35 - 2012-10-03 08:18 - 00000000 ____D C:\Users\Ben\Documents\Hope Class
2016-05-10 20:28 - 2012-03-06 06:49 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:28 - 2012-03-06 06:49 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 13:49 - 2014-12-02 12:33 - 00000000 ____D C:\Users\Ben\Documents\Personnel
2016-05-08 12:14 - 2009-07-13 22:34 - 00452402 ____R C:\Windows\system32\Drivers\etc\hosts.20160509-202910.backup
2016-05-08 09:23 - 2012-03-22 10:25 - 00003026 _____ C:\Windows\system32\AutoRunFilter.ini
2016-05-08 09:23 - 2012-03-22 10:25 - 00001817 _____ C:\Windows\system32\ServiceFilter.ini
2016-05-08 09:21 - 2015-12-03 09:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-04 17:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-04 15:42 - 2013-10-30 15:41 - 00000000 ____D C:\Users\Ben\Documents\Financial Administrative Assistant
2016-05-04 12:41 - 2014-08-13 13:03 - 00000000 ____D C:\Users\Ben\Documents\Deacons
2016-05-03 11:09 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-03 10:58 - 2015-06-18 08:50 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA.job
2016-05-03 10:58 - 2015-06-18 08:50 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core.job
2016-05-02 21:02 - 2015-06-18 08:50 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA
2016-05-02 21:02 - 2015-06-18 08:50 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core
2016-05-02 17:45 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-02 13:40 - 2014-08-18 12:40 - 00000000 ____D C:\Users\Ben\Documents\Sunday School
2016-05-01 16:51 - 2014-09-12 09:53 - 00000000 ____D C:\Windows\pss
2016-05-01 16:11 - 2016-02-09 20:41 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455064832
 
==================== Files in the root of some directories =======
 
2016-01-16 13:47 - 2016-04-13 17:34 - 0007522 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Ben\pdfprint.dat
 

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dllnt_dump.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-05-18 00:09
 
==================== End of FRST.txt ============================

----------- addition.txt  --------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by Admin (2016-05-27 22:32:08)
Running from C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-12 15:43:36)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Admin (S-1-5-21-3191172797-3150339674-2304963226-1006 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3191172797-3150339674-2304963226-500 - Administrator - Disabled)
Ben (S-1-5-21-3191172797-3150339674-2304963226-1001 - Limited - Enabled) => C:\Users\Ben
Guest (S-1-5-21-3191172797-3150339674-2304963226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3191172797-3150339674-2304963226-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities 2.47.0.1539 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.47.0.1539 - Glarysoft Ltd)
Google Apps Migration For Microsoft Outlook® 4.0.29.9 (HKLM-x32\...\{E8248BD6-6294-4CF6-9CF9-BDAAC0CC8253}) (Version: 4.0.29.9 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IDS Client (HKLM-x32\...\{4EE4B3B1-39EC-42DB-9693-14EA20C0C48F}) (Version: 4.5.0.13211 - IDS Links)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TOSHIBA e-STUDIO AddressBook Viewer (HKLM\...\{F85C8C60-6A59-4E4F-947D-5FB4EEB0E2CC}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{0371781F-538F-49A3-AC5B-2992ADE220AE}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO Remote Scan driver (HKLM-x32\...\{1F061DB3-28AA-44B9-8FDD-64D3C25B3BCD}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO TWAIN Driver (HKLM-x32\...\{02DBF734-C4B0-4D0C-B17C-0A9DB1B5C4D8}) (Version: 1.30.000 - TOSHIBA TEC CORPORATION)
Uniquely You for Windows 16-Gift (HKLM-x32\...\Unique16) (Version:  - )
Uniquely You on the Web (HKLM-x32\...\UniqWeb) (Version:  - )
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Wondershare AllMyTube(Build 4.7.0.1) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.7.0.1 - Wondershare Software)
WORDsearch 11 (HKLM-x32\...\WORDsearch 11) (Version:  - LifeWay)
WORDsearch 11 (x32 Version: 11 - WORDsearch Corp) Hidden
WORDsearch Installer (HKLM-x32\...\WORDsearch Installer) (Version:  - LifeWay)
WORDsearch Installer (x32 Version: 10 - WORDsearch Corp) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03481314-0D56-4EA1-8187-8F544F93BADC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0F1DCFCE-E60C-4C54-BE16-C8175820DD54} - System32\Tasks\G2MUpdateTask-S-1-5-21-3191172797-3150339674-2304963226-1001 => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {11A94187-8BD4-47F7-876C-C555F4E49B2D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {3DC32EF6-3BEF-4AE1-9200-9C0F5EE7DB74} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {3EB8EC1D-4B5A-4C39-A278-0A58485AFBD7} - \SidebarExecute -> No File <==== ATTENTION
Task: {438FDDE7-F5C5-4356-A9AC-7D881D93ED76} - System32\Tasks\SafeZone scheduled Autoupdate 1455064832 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {43BA492D-2084-4C0B-BC63-25893CD0A2D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {4A49A795-CA35-4D53-91BB-BF016D91294B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4C50C337-CEF3-4136-8F06-60F6A8CD5CD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-04] (Microsoft Corporation)
Task: {585B73BB-5917-4DAF-AC85-3074BE07B06F} - System32\Tasks\G2MUploadTask-S-1-5-21-3191172797-3150339674-2304963226-1001 => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5B4CFE02-1531-4A6B-B4D2-856FACF36479} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {8B357E32-5D68-4ADF-BDD9-7A32302F71CD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {8BF06350-FCA5-4733-861E-AE57F401EFB8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {93668593-671B-4ED0-AFE4-A48C8B9E1311} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-09] (AVAST Software)
Task: {9B79C165-B289-4D77-868F-353F6A8676F4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {AC636386-E6C6-44CC-ABE5-3606C9E81701} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {B9BF31F5-534A-46A9-8391-A7464D3FFC3D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D7177C7A-F6DC-45D6-AB95-8AF95805AC30} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {F0DE39E6-7CCB-4AC2-8007-175692793310} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {F297E131-DF21-4DB6-880F-838E4549658C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-08] (AVAST Software)
Task: {FE140499-1406-487C-82D8-C6E794B1188C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001Core.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191172797-3150339674-2304963226-1001UA.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3191172797-3150339674-2304963226-1001.job => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3191172797-3150339674-2304963226-1001.job => C:\Users\Ben\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-06 09:32 - 2016-05-02 04:01 - 00417472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-14 18:10 - 2016-05-02 07:01 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-12-14 02:42 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-02-09 20:38 - 2016-02-09 20:38 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-09 20:38 - 2016-02-09 20:38 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-20 14:47 - 2016-05-20 14:47 - 02972704 _____ () C:\Program Files\AVAST Software\Avast\defs\16052007\algo.dll
2016-04-14 09:15 - 2016-04-14 09:15 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-09 20:38 - 2016-02-09 20:38 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-27 16:15 - 2016-05-27 16:15 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052701\algo.dll
2016-02-09 20:38 - 2016-02-09 20:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-05-09 20:29 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.35.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mctadmin => C:\Windows\System32\mctadmin.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: ZipScript => C:\Program Files (x86)\WORDsearch 11\ZipScript.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6ABF5A44-E99D-4D5D-868C-005F2FFF9876}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{E93285D4-EBB9-47DF-8DB3-2869C70CD322}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{4837885A-87E0-4918-B8B7-CA18A2A0BA84}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [IDS Client Launcher-In-UDP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-Out-TCP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-In-TCP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [IDS Client Launcher-Out-UDP] => (Allow) C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe
FirewallRules: [UDP Query User{4E8D21D5-186C-432C-AD90-7B2E38068014}C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{60FA67E2-19F9-4EA6-B75E-B9BCD73C2DF0}C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{95473F45-6317-4F0A-9965-AE6F85063826}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{829FFAB2-B901-4FEE-AF4E-44BD21C3690E}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{203182F8-499F-4B27-9C52-73D28EC951FD}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{958CECB7-9A7A-40E0-B322-15ED7782833C}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [{4E95D625-CBBD-4190-AE1A-B62014615E39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75949EDD-4E24-4BE3-B8A8-3E12EABE7645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01E32914-5F5B-40E7-BD55-FBD19B5FB361}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F28DFE9-135D-4AA8-AD78-739E48FEF597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E474D80-F1CF-4B06-9AA6-8ECE5051BA79}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B70F1A94-0081-44CC-A107-D20A439EF583}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E6270FE6-9CFE-41B0-8138-DA4F0713BF99}] => (Allow) LPort=1900
FirewallRules: [{39AAC38A-96B4-4FEE-935D-3A979E122D68}] => (Allow) LPort=2869
FirewallRules: [{13D0D4AD-D0AF-4ACD-946A-526C30C7005A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{5E0C7B0B-E1FB-487A-B0F0-81FE59459797}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [UDP Query User{C3E8C7BC-3566-40A2-A6E7-D5979F266E81}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [{10EBD328-1DA7-452C-BDA6-DA51F6BC09F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3CFEACD-6610-4EC7-9AB4-755DD9527157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C9D0793-5551-44B1-A134-B8AFC03574FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{018FA3A4-09A2-42B7-BA40-761D8E858D46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{827F1F15-5281-4FFD-A6D6-30B7241E7A49}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [UDP Query User{CF4C1F88-5C15-4DBB-84F7-1672F9C88103}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{05AB38EF-940D-4C48-A6BC-F32BD2FC38B0}] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{CE789D3A-1148-4C07-A665-E0DE9108278B}] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [TCP Query User{AD1B55FD-0E5A-4B50-8AD0-C3A08A864946}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [UDP Query User{36F8F629-8FB6-444B-84BE-B8D899A7AFCD}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [{1161B428-EC48-4AAB-94A7-B8EC79415584}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3B3C10DE-3C30-4142-9296-B57CB7731959}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2055DD44-4B9C-41DD-9C6D-E7DFCD4C0657}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C02BFF1-7244-48F2-824F-730C6BB7BD1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A8179EA9-BE56-41DB-82E8-FD7B7BD50B15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{25F08F09-D1EC-44BB-A708-1FF5AC8172DA}C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{091E7DFA-CCC8-435D-863D-F35DE4FB91A2}C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\ben\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe] => Enabled:IDS Client Launcher
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\IDS LLC\IDS\Client\clientlauncher.exe] => Enabled:IDS Client Launcher
 
==================== Restore Points =========================
 
20-05-2016 19:52:27 已移除 適用遠端連線的 Windows Live Mesh ActiveX 控制項
24-05-2016 02:11:45 Windows Update
26-05-2016 03:00:10 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/27/2016 04:53:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/27/2016 03:08:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0xf84
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/27/2016 03:08:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x1788
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/26/2016 09:47:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/26/2016 03:11:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x1284
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/25/2016 02:39:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/25/2016 04:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x15a0
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/25/2016 04:26:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0xb68
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (05/24/2016 07:49:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (05/24/2016 03:17:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc06d007e
Fault offset: 0x000000000001a06d
Faulting process id: 0x674
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 

System errors:
=============
Error: (05/27/2016 03:08:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/26/2016 03:11:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/25/2016 04:25:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/24/2016 03:17:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/23/2016 03:45:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/22/2016 03:02:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/21/2016 04:52:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/20/2016 08:02:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/20/2016 08:01:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostics Tracking Service service terminated with the following error:
%%-2147024843
 
Error: (05/20/2016 08:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3
 

CodeIntegrity:
===================================
  Date: 2016-05-18 21:28:24.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:24.309
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:23.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 21:28:23.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 20:07:03.735
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 20:07:03.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\31E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 19:57:03.928
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DBEE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-18 19:57:03.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DBEE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-15 18:34:50.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DE9D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-15 18:34:50.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DE9D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 7969.14 MB
Available physical RAM: 5753.75 MB
Total Virtual: 15936.46 MB
Available Virtual: 13271.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:93.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:254.19 GB) NTFS
Drive f: (SPARE_2) (Removable) (Total:3.73 GB) (Free:3.6 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 17568ACF)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1B)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
---------  RogueKiller.log  ---------------
 
  
RogueKiller V12.3.0.0 [May 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Started from : C:\Users\Ben\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/27/2016 22:48:44
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] 4aca801ef5efc786d67411ef6428be8c
[BSP] 8804f2149613ea60b4c6b31057598825 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 25596 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52422656 | Size: 190772 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 443123712 | Size: 260571 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 47323d941d5866d42bec3dfc195e9ac4
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 1144 | Size: 3823 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 

-------------------

-----------------  MTB  log  - not admin  --------------------

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Ben (ATTENTION: The logged in user is not administrator) on 27-05-2016 at 22:53:37
Running from "C:\Users\Ben\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: K53E Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR9485 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled metric=5 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled metric=8 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ben-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : B6-DB-C9-47-A4-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : C8-60-00-44-94-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::908b:9e26:c49e:9f9b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.35.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 21, 2016 8:00:38 PM
   Lease Expires . . . . . . . . . . : Saturday, May 28, 2016 8:00:39 PM
   Default Gateway . . . . . . . . . : 192.168.35.1
   DHCP Server . . . . . . . . . . . : 192.168.35.1
   DHCPv6 IAID . . . . . . . . . . . : 248012800
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FC-ED-7B-C8-60-00-44-94-14
   DNS Servers . . . . . . . . . . . : 192.168.35.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : RP614v4
   Description . . . . . . . . . . . : Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 94-DB-C9-47-A4-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.RP614v4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Reusable ISATAP Interface {A20C0DE4-2F0C-4F2C-8B95-96ACCDACFDD3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{B20B36F2-7C5E-404D-A15E-BF68B1B64606}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{08D34172-7635-4E5F-A61F-813CE16911D4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
1.35.168.192.in-addr.arpa
 primary name server = localhost
 responsible mail addr = nobody.invalid
 serial  = 1
 refresh = 600 (10 mins)
 retry   = 1200 (20 mins)
 expire  = 604800 (7 days)
 default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.35.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:806::200e
   172.217.2.206
 

Pinging google.com [172.217.2.206] with 32 bytes of data:
Reply from 172.217.2.206: bytes=32 time=23ms TTL=53
Reply from 172.217.2.206: bytes=32 time=35ms TTL=53
 
Ping statistics for 172.217.2.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 35ms, Average = 29ms
1.35.168.192.in-addr.arpa
 primary name server = localhost
 responsible mail addr = nobody.invalid
 serial  = 1
 refresh = 600 (10 mins)
 retry   = 1200 (20 mins)
 expire  = 604800 (7 days)
 default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.35.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   98.138.253.109
   98.139.183.24
   206.190.36.45
 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=61ms TTL=46
Reply from 98.138.253.109: bytes=32 time=61ms TTL=46
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 61ms, Average = 61ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...b6 db c9 47 a4 76 ......Microsoft Virtual WiFi Miniport Adapter
 11...c8 60 00 44 94 14 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
 10...94 db c9 47 a4 76 ......Atheros AR9485 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.35.1     192.168.35.2     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.35.0    255.255.255.0         On-link      192.168.35.2    261
     192.168.35.2  255.255.255.255         On-link      192.168.35.2    261
   192.168.35.255  255.255.255.255         On-link      192.168.35.2    261
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.35.2    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.35.2    261
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::908b:9e26:c49e:9f9b/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****

----------  MTB.log  -- As Administrator  ------------

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Admin (administrator) on 27-05-2016 at 22:56:11
Running from "C:\Users\Ben\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: K53E Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR9485 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled metric=5 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled metric=8 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ben-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : B6-DB-C9-47-A4-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : C8-60-00-44-94-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::908b:9e26:c49e:9f9b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.35.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 21, 2016 8:00:38 PM
   Lease Expires . . . . . . . . . . : Saturday, May 28, 2016 8:00:38 PM
   Default Gateway . . . . . . . . . : 192.168.35.1
   DHCP Server . . . . . . . . . . . : 192.168.35.1
   DHCPv6 IAID . . . . . . . . . . . : 248012800
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FC-ED-7B-C8-60-00-44-94-14
   DNS Servers . . . . . . . . . . . : 192.168.35.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : RP614v4
   Description . . . . . . . . . . . : Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 94-DB-C9-47-A4-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.RP614v4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Reusable ISATAP Interface {A20C0DE4-2F0C-4F2C-8B95-96ACCDACFDD3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{B20B36F2-7C5E-404D-A15E-BF68B1B64606}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{08D34172-7635-4E5F-A61F-813CE16911D4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
1.35.168.192.in-addr.arpa
 primary name server = localhost
 responsible mail addr = nobody.invalid
 serial  = 1
 refresh = 600 (10 mins)
 retry   = 1200 (20 mins)
 expire  = 604800 (7 days)
 default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.35.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:806::200e
   172.217.2.206
 

Pinging google.com [172.217.2.206] with 32 bytes of data:
Reply from 172.217.2.206: bytes=32 time=22ms TTL=53
Reply from 172.217.2.206: bytes=32 time=22ms TTL=53
 
Ping statistics for 172.217.2.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms
1.35.168.192.in-addr.arpa
 primary name server = localhost
 responsible mail addr = nobody.invalid
 serial  = 1
 refresh = 600 (10 mins)
 retry   = 1200 (20 mins)
 expire  = 604800 (7 days)
 default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.35.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   98.138.253.109
   98.139.183.24
   206.190.36.45
 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=60ms TTL=46
Reply from 98.138.253.109: bytes=32 time=61ms TTL=46
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 61ms, Average = 60ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...b6 db c9 47 a4 76 ......Microsoft Virtual WiFi Miniport Adapter
 11...c8 60 00 44 94 14 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
 10...94 db c9 47 a4 76 ......Atheros AR9485 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.35.1     192.168.35.2     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.35.0    255.255.255.0         On-link      192.168.35.2    261
     192.168.35.2  255.255.255.255         On-link      192.168.35.2    261
   192.168.35.255  255.255.255.255         On-link      192.168.35.2    261
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.35.2    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.35.2    261
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::908b:9e26:c49e:9f9b/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 \Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****

---------   AdwCleaner  C1  log   --------

# AdwCleaner v5.118 - Logfile created 27/05/2016 at 23:02:17
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Admin - BEN-PC
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Ben\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Ben\AppData\LocalLow\ytd
[-] Folder Deleted : C:\Users\Ben\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ben\Favorites\Video downloader
[-] Folder Deleted : C:\Users\Admin\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ben\AppData\Local\VirtualStore\Program Files (x86)\otshot
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
 
***** [ DLLs ] *****
 

***** [ WMI ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\BEFRUGAL
[-] Key Deleted : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Yahoo\Companion
[-] Key Deleted : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\GreenTree Applications\YTD
[-] Key Deleted : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\AppDataLow\Software\Yahoo\Companion
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
\AdwCleaner\AdwCleaner[C1].txt - [4041 bytes] - [27/05/2016 23:02:17]
\AdwCleaner\AdwCleaner[R0].txt - [6508 bytes] - [17/03/2015 14:06:01]
\AdwCleaner\AdwCleaner[S0].txt - [5901 bytes] - [17/03/2015 14:07:28]
\AdwCleaner\AdwCleaner[S1].txt - [4271 bytes] - [27/05/2016 22:59:21]
 
########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [4325 bytes] ##########

 

 

--------------   adwcleaner  S1 log   --------------

 

 

# AdwCleaner v5.118 - Logfile created 27/05/2016 at 22:59:21
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Admin - BEN-PC
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
Folder Found : C:\Users\Ben\AppData\Local\PackageAware
Folder Found : C:\Users\Ben\AppData\LocalLow\ytd
Folder Found : C:\Users\Ben\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Ben\Favorites\Video downloader
Folder Found : C:\Users\Admin\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Ben\AppData\Local\VirtualStore\Program Files (x86)\otshot
 
***** [ Files ] *****
 
File Found : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
 
***** [ DLL ] *****
 

***** [ WMI ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\BEFRUGAL
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\GreenTree Applications\YTD
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1006\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3191172797-3150339674-2304963226-1006\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\AVG Secure Search
 
***** [ Web browsers ] *****
 
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
\AdwCleaner\AdwCleaner[R0].txt - [6508 bytes] - [17/03/2015 14:06:01]
\AdwCleaner\AdwCleaner[S0].txt - [5901 bytes] - [17/03/2015 14:07:28]
\AdwCleaner\AdwCleaner[S1].txt - [4123 bytes] - [27/05/2016 22:59:21]
 
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [4194 bytes] ##########

 

---------------  End of logs requested   ----------------

  



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 28 May 2016 - 02:43 PM

Thank you for the information and your patience.

Do you recognize this?

IDS Client Launcher

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension => not found
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 TMAgent; no ImagePath
C:\Users\Ben\pdfprint.dat
Task: {3EB8EC1D-4B5A-4C39-A278-0A58485AFBD7} - \SidebarExecute -> No File <==== ATTENTION
FirewallRules: [UDP Query User{203182F8-499F-4B27-9C52-73D28EC951FD}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{958CECB7-9A7A-40E0-B322-15ED7782833C}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{5E0C7B0B-E1FB-487A-B0F0-81FE59459797}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [UDP Query User{C3E8C7BC-3566-40A2-A6E7-D5979F266E81}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
2016-05-18 20:07 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\31E.tmp
2016-05-18 19:57 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DBEE.tmp
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entry?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 mar_initials

mar_initials
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 29 May 2016 - 12:06 PM

Gary -

 

1.  Files in "program files(x86)\IDS LLC"  are the client side application for our ACS software.

2.  I've run the fix - the log is below. 

3.  Performance is not an issue.  I will watch the router logs to see if the attempted logons have stopped.

 

Michael

 

 

-----------------   FixLog  ----------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Admin (2016-05-29 12:18:39) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & Admin (Available Profiles: Ben & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension => not found
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 TMAgent; no ImagePath
C:\Users\Ben\pdfprint.dat
Task: {3EB8EC1D-4B5A-4C39-A278-0A58485AFBD7} - \SidebarExecute -> No File <==== ATTENTION
FirewallRules: [UDP Query User{203182F8-499F-4B27-9C52-73D28EC951FD}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{958CECB7-9A7A-40E0-B322-15ED7782833C}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [TCP Query User{5E0C7B0B-E1FB-487A-B0F0-81FE59459797}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
FirewallRules: [UDP Query User{C3E8C7BC-3566-40A2-A6E7-D5979F266E81}E:\e-studio\setup.exe] => (Allow) E:\e-studio\setup.exe
2016-05-18 20:07 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\31E.tmp
2016-05-18 19:57 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\DBEE.tmp
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKCR\PROTOCOLS\Handler\tmtbim" => key removed successfully
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => key not found.
"HKCR\PROTOCOLS\Handler\WSAllMyTubechrome" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => key removed successfully
LMIInfo => service removed successfully
TMAgent => service removed successfully
C:\Users\Ben\pdfprint.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EB8EC1D-4B5A-4C39-A278-0A58485AFBD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB8EC1D-4B5A-4C39-A278-0A58485AFBD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{203182F8-499F-4B27-9C52-73D28EC951FD}E:\e-studio\setup.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{958CECB7-9A7A-40E0-B322-15ED7782833C}E:\e-studio\setup.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5E0C7B0B-E1FB-487A-B0F0-81FE59459797}E:\e-studio\setup.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3E8C7BC-3566-40A2-A6E7-D5979F266E81}E:\e-studio\setup.exe => value removed successfully
C:\Windows\system32\31E.tmp => moved successfully
C:\Windows\system32\DBEE.tmp => moved successfully
 

The system needed a reboot.
 
==== End of Fixlog 12:18:39 ====

  ​



#6 Oh My!


Posted 29 May 2016 - 08:43 PM

Hi Michael,

 

I will watch the router logs to see if the attempted logons have stopped.

I will wait for your update.


Gary
 

#7 Oh My!


Posted 31 May 2016 - 08:48 AM

How are we doing?
Gary
 

#8 mar_initials


Posted 31 May 2016 - 09:08 PM

Gary -

 

The computer hasn't tried to log on to the routers since the 25th.  I never could determine a pattern - it was always one, two, or three days apart (or some portion).  At this point - it appears that has stopped.  Any idea what was causing the issue - or which step fixed it?

 

Michael
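
The question of whether the failed logons follow a pattern can be checked mechanically. The following is an added example, not part of the original thread: it parses router log lines in the format quoted in the first post, groups failed admin logins per source address into bursts, and reports the intervals between bursts. The sample lines are constructed, and the five-minute burst window is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the format of the router log quoted in the first post.
SAMPLE_LOG = """\
Monday,09 May 2016 10:11:34 [TCP SYN Flood][Deny access policy matched, dropping packet]
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:09 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Monday,09 May 2016 10:55:10 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Wednesday,11 May 2016 22:14:41 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Wednesday,11 May 2016 22:14:42 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
Thursday,12 May 2016 08:02:00 Authentication attempt failed for admin from 192.168.3.77 because: Bad Password
Saturday,14 May 2016 03:30:05 Authentication attempt failed for admin from 192.168.3.60 because: Bad Password
"""

# The weekday prefix is skipped; month names are parsed with %B (English/C locale).
FAILED_LOGIN = re.compile(
    r"^\w+,(?P<ts>\d{1,2} \w+ \d{4} \d{2}:\d{2}:\d{2}) "
    r"Authentication attempt failed for (?P<user>\S+) "
    r"from (?P<src>\S+) because: (?P<reason>.*)$"
)


@dataclass
class Burst:
    start: datetime
    end: datetime
    count: int


def parse_failures(text):
    """Return (timestamp, user, source, reason) for each failed-login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_LOGIN.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d %B %Y %H:%M:%S")
            events.append((ts, m["user"], m["src"], m["reason"].strip()))
    return events


def group_bursts(events, max_gap=timedelta(minutes=5)):
    """Group each source's failures into bursts separated by more than max_gap."""
    by_src = defaultdict(list)
    for ts, _user, src, _reason in sorted(events):
        bursts = by_src[src]
        if bursts and ts - bursts[-1].end <= max_gap:
            bursts[-1].end = ts
            bursts[-1].count += 1
        else:
            bursts.append(Burst(ts, ts, 1))
    return dict(by_src)


def burst_intervals(bursts):
    """Time between the starts of consecutive bursts from one source."""
    return [b.start - a.start for a, b in zip(bursts, bursts[1:])]


def summarize(text):
    """Per source: total attempts, number of bursts, hours between bursts."""
    out = {}
    for src, bursts in group_bursts(parse_failures(text)).items():
        out[src] = {
            "attempts": sum(b.count for b in bursts),
            "bursts": len(bursts),
            "interval_hours": [
                round(d.total_seconds() / 3600, 1) for d in burst_intervals(bursts)
            ],
        }
    return out


if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LOG).items():
        print(src, stats)
```

Near-constant intervals point to a scheduled task or a polling application on the source host; irregular ones are more consistent with something triggered by user activity.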



#9 Oh My!


Posted 31 May 2016 - 09:35 PM

Greetings,

It is hard to tell and I am not convinced it is resolved despite no recent activity. Is this indicative of simply being behind 2 different routers? If so, is 192.168.3.X the original router DNS Server?
 

Tcpip\Parameters: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{08D34172-7635-4E5F-A61F-813CE16911D4}: [DhcpNameServer] 192.168.35.1
Tcpip\..\Interfaces\{9DEBBBEE-3108-4204-8350-25B9DFD1C405}: [DhcpNameServer] 192.168.3.1


===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameter

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 

#10 mar_initials


Posted 01 June 2016 - 03:56 PM

Gary -

 

Yes - 3.1 is the original router/DNS server, 35.1 was a second router/DNS server that is also behind the 3.1 router. I moved it back to its original position (behind only the 3.1 router) Sunday the 29th, after noting that the last 'attack' activity was the 25th, and to try to get you a better answer to the 'is it better' question.

 

It is not currently 'attacking' either router (3.1 or 35.1).

 

Would you like me to try anything else at this point?

 

Michael



#11 mar_initials


Posted 01 June 2016 - 03:58 PM

Gary -  So sorry - I missed the second part of your post -  I'll run that tonight and post again in a while.

 

Michael



#12 Oh My!


Posted 01 June 2016 - 04:13 PM

Hi Michael,

 

No need to run the MiniRegTool steps unless you notice attacks. Give it some time and let's see how we do.


Gary
 

#13 Oh My!


Posted 04 June 2016 - 02:07 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#14 mar_initials


Posted 05 June 2016 - 06:48 AM

Gary -

 

There have been no occurrences of this since 25 May.  It appears to be resolved - and I really appreciate your help.

 

Any idea what it might have been?

 

Michael



#15 Oh My!


Posted 05 June 2016 - 07:25 AM

Good morning Michael.

It is nearly impossible for me to isolate what caused the issue. AdwCleaner removed a lot of junk, some of which I am not familiar with so it could have been one of those. Bottom line it appears to be fixed. :)

Do you have any remaining issue you are concerned about?
Gary
 



