Zeroaccess rootkit removal help


  • This topic is locked
20 replies to this topic

#1 Flaming

Flaming

  • Members
  • 16 posts
  • OFFLINE

Posted 02 June 2016 - 11:00 PM

Hi,

I recently had Sophos installed on my server machine and after running a scan it displayed 13 errors related to SAV interface error 0xa0040202. After some googling I came across this topic http://www.bleepingcomputer.com/forums/t/500504/please-help-with-zeroaccess-rootkit-removal/ citing similar symptoms. Following the guide I downloaded and ran FRST, which generated the FRST and Addition logs attached. This is not the first time I've run into a virus or trojan, and I am seeking help from the good people here :)

This machine is used for my business and has people remotely connecting to it on a daily basis also.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by jake (administrator) on NQESSERVER (03-06-2016 13:43:51)
Running from C:\Users\Admin\Downloads
Loaded Profiles: setup & jake & Steve & craig1 & Hayley & Administrator (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ThinSoft Pte Ltd.) C:\Windows\System32\BeTwinServiceVS.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(ThinSoft Pte Ltd.) C:\Windows\System32\BeTwinMessagesLog.exe
(Acresso) C:\Program Files (x86)\NetGuard\TomcatWrapper.exe
() C:\Windows\System32\Rdpssw32.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\NetGuard\jre\bin\javaw.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(Acresso) C:\Program Files (x86)\NetGuard2.08\upsMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\NetGuard2.08\jre\bin\javaw.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Apache Software Foundation) C:\Program Files (x86)\NetGuard2.08\tomcat\bin\tomcat6.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\NetGuard2.08\console\ViewPowerTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
() C:\Premier19\Myobp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
() C:\Premier19\Myobp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [BeTwinAssistant] => C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe [115528 2011-08-24] (ThinSoft Pte Ltd.)
HKLM-x32\...\Run: [BeTwinMessages] => C:\Program Files (x86)\BeTwin\BeTwinMessages.exe [125848 2011-08-24] (ThinSoft Pte Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-16] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2015-10-13] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1888747803-2331596299-1794523272-1003\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\S-1-5-21-1888747803-2331596299-1794523272-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\MountPoints2: {d73527e9-31c2-11e2-97b0-50e549e2b493} - G:\laucher.exe
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-02-19] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-02-19] (Sophos Limited)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetGuard.lnk [2012-03-20]
ShortcutTarget: NetGuard.lnk -> C:\Program Files (x86)\NetGuard2.08\NetGuard.exe (Acresso)
GroupPolicyUsers\S-1-5-21-1888747803-2331596299-1794523272-1007\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-07-31] (Sophos Limited)
Tcpip\..\Interfaces\{65E2CD76-7DB8-4C86-A486-F676BBDE1028}: [NameServer] 139.130.4.4,203.50.2.71
Tcpip\..\Interfaces\{74EAAF85-8125-43FA-A68B-ABE36CBD23F7}: [NameServer] 192.168.0.10
Tcpip\..\Interfaces\{D2117A80-4DB6-4232-BDC9-8D4DB9A007DA}: [DhcpNameServer] 192.168.0.10
Tcpip\..\Interfaces\{F71F5E06-DDB8-412E-8057-F1C7E14E57A7}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{FFB8BE4A-6EC6-4556-AA5A-6FB4686E93FB}: [NameServer] 192.168.0.10
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1888747803-2331596299-1794523272-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-1888747803-2331596299-1794523272-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={C661281B-9B57-4EA7-B164-C609A40DFC8B}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=sa&d=2015-09-11 13:22:04&v=4.1.6.294&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-au/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://isearch.avg.com/?cid={993B7D26-4CA1-4AA3-A993-C242AE4C96CD}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=gl011&pr=sa&d=2012-08-16 18:00:54&v=18.5.0.909&sap=hp
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C661281B-9B57-4EA7-B164-C609A40DFC8B}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=sa&d=2015-09-11 13:22:04&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C661281B-9B57-4EA7-B164-C609A40DFC8B}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=sa&d=2015-09-11 13:22:04&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={993B7D26-4CA1-4AA3-A993-C242AE4C96CD}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=gl011&pr=sa&d=2012-08-16 18:00:54&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={993B7D26-4CA1-4AA3-A993-C242AE4C96CD}&mid=dd476cb9a45647d09ea481ac0f065d60-b7cef3b97b86ed581e2644fdfa16a8aee817759b&lang=en&ds=gl011&pr=sa&d=2012-08-16 18:00:54&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-16] (AVG)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {F4E59691-8BC1-446B-9F89-B4C8621D2079} hxxps://secure.thinsoftinc.com/WinConnectServerRegistration/controls/RegisterBeTwin2000.ocx
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml [2016-05-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-08-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-05-16]
FF Extension: AVG Web TuneUp - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\Extensions\avg@toolbar.xpi [2016-05-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-04] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.reddit.com/
CHR StartupUrls: Default -> "hxxp://www.reddit.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide Fedora) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-22]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-01-04]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2016-05-17]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2016-01-04]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Search by Image (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-01-04]
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-31]
CHR Extension: (Little Alchemy light) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlinaifoeodggjcfoonifcjppkklkdkd [2016-01-04]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-04-26]
CHR Extension: (Supernova) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2013-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-05-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-19]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Ghostery) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BeTwinMessagesLog; C:\Windows\System32\BeTwinMessagesLog.exe [70480 2011-08-24] (ThinSoft Pte Ltd.)
R3 BeTwinProxy; C:\Windows\System32\BeTwinProxyVS.dll [217928 2011-08-24] (ThinSoft Pte Ltd.)
R2 BeTwinService; C:\Windows\System32\BeTwinServiceVS.exe [335688 2011-08-24] (ThinSoft Pte Ltd.)
R2 NetGuard; C:\Program Files (x86)\NetGuard\TomcatWrapper.exe [116224 2012-03-12] (Acresso) [File not signed]
R2 RDPSSW32; C:\Windows\System32\RDPSSW32.EXE [68608 2010-05-19] () [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-02-19] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-02-19] (Sophos Limited)
R2 ShadowControl ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [2014952 2015-11-02] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2012-12-04] (StorageCraft Technology Corporation)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2015-10-13] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2015-12-16] (Sophos Limited)
R2 StorageCraft ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [2014952 2015-11-02] (StorageCraft Technology Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-02-19] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-02-19] (Sophos Limited)
R2 upsMonitor; C:\Program Files (x86)\NetGuard2.08\upsMonitor.exe [116224 2012-03-20] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files (x86)\NetGuard2.08\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2012-12-04] (StorageCraft Technology Corporation)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-16] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-16] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 BeTwinSystem; C:\Windows\System32\Drivers\BeTwinSystemVS.sys [23368 2011-08-24] (ThinSoft Pte Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-02-19] (Sophos Limited)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [133352 2015-11-02] (StorageCraft Technology Corporation)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-02-19] (Sophos Limited)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2012-12-04] (StorageCraft Technology Corporation)
S3 cpuz130; \??\C:\Users\Steve\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-03 13:43 - 2016-06-03 13:44 - 00032147 _____ C:\Users\Admin\Downloads\FRST.txt
2016-06-03 13:42 - 2016-06-03 13:42 - 02383872 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-06-03 11:47 - 2016-06-03 11:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Sophos
2016-05-31 15:07 - 2016-05-31 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-05-31 15:07 - 2016-02-19 04:30 - 00035592 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2016-05-31 15:06 - 2016-02-19 04:31 - 00161024 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2016-05-31 15:06 - 2016-02-19 04:30 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2016-05-31 15:01 - 2016-05-31 15:07 - 00000000 ____D C:\ProgramData\Sophos
2016-05-31 15:01 - 2016-05-31 15:07 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-31 14:58 - 2016-05-31 15:33 - 00000000 ____D C:\savw_103_sa
2016-05-31 14:58 - 2016-01-13 16:17 - 157949968 _____ C:\Users\Steve\Desktop\savw_103_sa_sfx.exe
2016-05-27 09:53 - 2016-05-27 09:53 - 00026698 _____ C:\Users\Admin\Desktop\Test Page.pdf
2016-05-13 15:10 - 2016-05-13 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AMD
2016-05-11 19:27 - 2016-04-14 23:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:27 - 2016-04-14 23:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:27 - 2016-04-09 17:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 19:27 - 2016-04-09 17:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 19:27 - 2016-04-09 17:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 19:27 - 2016-04-09 17:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 19:27 - 2016-04-09 16:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 19:27 - 2016-04-09 16:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 19:27 - 2016-04-09 16:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:27 - 2016-04-09 15:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 19:27 - 2016-04-09 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 19:27 - 2016-04-09 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 19:27 - 2016-04-09 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 19:27 - 2016-04-09 15:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:27 - 2016-04-09 15:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 19:27 - 2016-04-09 15:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 19:27 - 2016-04-09 15:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 19:27 - 2016-04-09 15:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 19:27 - 2016-04-09 15:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 19:27 - 2016-04-09 15:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 19:27 - 2016-04-09 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 19:27 - 2016-04-09 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 19:27 - 2016-04-09 15:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 19:27 - 2016-04-09 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 14:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 19:27 - 2016-04-09 13:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 19:27 - 2016-04-07 01:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:27 - 2016-03-10 04:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:27 - 2016-03-10 04:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 10:33 - 2016-05-11 10:33 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2016-05-11 08:16 - 2016-05-11 08:16 - 00000000 ____D C:\Users\Hayley\AppData\Local\VirtualStore
2016-05-05 11:43 - 2016-05-31 15:09 - 00000632 __RSH C:\Users\Admin\ntuser.pol
2016-05-05 11:37 - 2016-05-31 15:07 - 00000632 __RSH C:\Users\Hayley\ntuser.pol
2016-05-05 11:24 - 2016-05-05 11:24 - 00054826 _____ C:\Users\Steve\Downloads\FRST.txt
2016-05-05 11:24 - 2016-05-05 11:24 - 00036036 _____ C:\Users\Steve\Downloads\Addition.txt
2016-05-05 11:23 - 2016-05-05 11:23 - 00003130 _____ C:\Windows\System32\Tasks\{198B3756-9592-4CCC-85E4-305DC6A8D173}
2016-05-05 11:21 - 2016-06-03 13:43 - 00000000 ____D C:\FRST
2016-05-05 11:21 - 2016-05-05 11:21 - 02378240 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2016-05-05 10:56 - 2016-05-05 10:56 - 01309184 _____ C:\Users\Steve\Downloads\zoek.exe
2016-05-05 10:56 - 2016-05-05 10:56 - 00000000 ____D C:\zoek_backup
2016-05-05 10:49 - 2016-05-31 15:10 - 00000632 __RSH C:\Users\Steve\ntuser.pol
2016-05-05 10:42 - 2016-05-05 10:42 - 00002297 _____ C:\Users\Steve\Desktop\Google Chrome.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-03 13:44 - 2012-03-19 15:07 - 00000000 ____D C:\Users\Steve\Documents\Outlook Files
2016-06-03 13:44 - 2012-03-19 14:57 - 00000000 ____D C:\Users\Admin\Documents\Outlook Files
2016-06-03 13:12 - 2012-12-04 11:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-03 12:53 - 2012-03-12 16:10 - 00000520 _____ C:\Windows\SysWOW64\winsusrm.dll
2016-06-03 12:53 - 2012-03-12 16:10 - 00000344 _____ C:\Windows\SysWOW64\winsusrx.dll
2016-06-03 12:45 - 2012-11-13 08:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-03 11:27 - 2015-01-23 09:53 - 00000000 ____D C:\limowiz2000
2016-06-03 10:45 - 2012-11-13 08:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-03 09:33 - 2012-03-19 15:12 - 00000000 ____D C:\Premier19
2016-06-03 09:32 - 2012-03-19 15:16 - 00000422 _____ C:\Windows\MYOBP.INI
2016-06-03 09:32 - 2012-03-19 15:16 - 00000042 _____ C:\Windows\MYOB.INI
2016-06-03 03:42 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-03 03:42 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-02 11:24 - 2016-01-07 16:48 - 00023731 _____ C:\Users\Admin\Documents\figures for hayley.xlsx
2016-06-01 13:42 - 2013-06-03 10:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-06-01 13:42 - 2013-01-22 03:23 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-05-31 15:10 - 2016-03-31 12:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\StorageCraft
2016-05-31 15:10 - 2012-03-19 15:06 - 00000000 ____D C:\Users\Steve
2016-05-31 15:09 - 2012-03-13 08:29 - 00000000 ____D C:\Users\Admin
2016-05-31 15:07 - 2015-03-23 12:22 - 00000000 ____D C:\Users\Hayley
2016-05-31 15:02 - 2012-03-19 15:46 - 00000000 ____D C:\Users\Steve\AppData\Roaming\StorageCraft
2016-05-31 15:01 - 2009-07-14 15:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-31 14:57 - 2012-03-12 16:10 - 00000000 ____D C:\ProgramData\ThinSoft
2016-05-31 14:55 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-31 14:52 - 2012-03-20 14:18 - 00000000 ____D C:\ProgramData\MFAData
2016-05-30 13:06 - 2012-03-19 13:44 - 00000000 ____D C:\NQES
2016-05-27 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-24 10:54 - 2015-03-09 12:44 - 00001456 _____ C:\Users\Admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-16 08:33 - 2015-09-11 13:21 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-05-16 08:33 - 2015-09-11 13:21 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-05-13 23:12 - 2012-12-04 11:47 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 23:12 - 2012-12-04 11:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 23:12 - 2012-03-12 11:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 18:04 - 2012-03-12 16:03 - 00000000 ____D C:\viewpower
2016-05-13 08:46 - 2012-11-13 08:49 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 03:00 - 2014-12-12 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 04:12 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 03:35 - 2009-07-14 14:45 - 05063728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 03:33 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:14 - 2013-07-27 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 03:02 - 2012-03-09 16:00 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 10:40 - 2012-11-13 08:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 10:40 - 2012-11-13 08:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 15:20 - 2016-02-10 21:12 - 00000000 __SHD C:\Users\Guest\AppData\Roaming\tsifehid
2016-05-05 11:23 - 2013-07-09 12:29 - 00000000 ____D C:\Users\Steve\AppData\Roaming\uTorrent
2016-05-05 10:49 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
 
==================== Files in the root of some directories =======
 
2013-09-28 15:28 - 2014-06-23 14:26 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-03-17 11:53 - 2016-02-03 09:46 - 0000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-09 12:44 - 2016-05-24 10:54 - 0001456 _____ () C:\Users\Admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-15 09:51 - 2012-08-15 09:51 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-28 17:13 - 2012-08-28 17:13 - 0000008 __RSH () C:\ProgramData\91332E1471.sys
2016-03-18 14:56 - 2016-03-18 14:56 - 0000008 ____H () C:\ProgramData\@000001.dat
2016-03-18 14:56 - 2016-03-22 16:41 - 0000920 ____H () C:\ProgramData\@system.temp
2016-03-18 14:55 - 2016-03-22 16:41 - 0000656 ____H () C:\ProgramData\@system3.att
2012-03-19 15:44 - 2012-03-19 15:44 - 0004899 _____ () C:\ProgramData\giiynunu.mau
2012-12-04 11:52 - 2014-10-17 11:26 - 0005093 _____ () C:\ProgramData\ipqjxxho.fyn
2012-08-16 17:29 - 2013-11-08 12:58 - 0003766 ___SH () C:\ProgramData\KGyGaAvL.sys
2016-03-31 12:38 - 2016-03-31 12:38 - 0000016 _____ () C:\ProgramData\mntemp
 
Files to move or delete:
====================
C:\ProgramData\@000001.dat
 
 
Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\625D.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-28 00:32
 
==================== End of FRST.txt ============================


#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,734 posts
  • Gender:Male
  • Location:California

Posted 07 June 2016 - 08:52 AM

Greetings Flaming and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [AdobeBridge] => [X]
GroupPolicyUsers\S-1-5-21-1888747803-2331596299-1794523272-1007\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 cpuz130; \??\C:\Users\Steve\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
2016-05-05 11:23 - 2016-05-05 11:23 - 00003130 _____ C:\Windows\System32\Tasks\{198B3756-9592-4CCC-85E4-305DC6A8D173}
2016-03-18 14:56 - 2016-03-18 14:56 - 0000008 ____H () C:\ProgramData\@000001.dat
2016-03-18 14:56 - 2016-03-22 16:41 - 0000920 ____H () C:\ProgramData\@system.temp
2016-03-18 14:55 - 2016-03-22 16:41 - 0000656 ____H () C:\ProgramData\@system3.att
2012-03-19 15:44 - 2012-03-19 15:44 - 0004899 _____ () C:\ProgramData\giiynunu.mau
2012-12-04 11:52 - 2014-10-17 11:26 - 0005093 _____ () C:\ProgramData\ipqjxxho.fyn
2016-03-31 12:38 - 2016-03-31 12:38 - 0000016 _____ () C:\ProgramData\mntemp
C:\Users\Steve\AppData\Local\Temp\625D.exe
Folder: C:\NQES
File: C:\ProgramData\91332E1471.sys
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure to place a checkmark in Addition.txt and post both logs.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • FRST.txt
  • Addition.txt
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
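The fixlist above targets a handful of artifact classes (hidden "@" files under ProgramData, driver keys whose binary is gone, local Group Policy restriction files, IE toolbar CLSIDs with no registered server, a GUID-named task file). Since this server has other machines connecting to it daily, the following is an added example, not code from the original post or from FRST/AdwCleaner, of a read-only PowerShell audit that looks for the same classes of artifact on any other Windows host. The indicator patterns are assumptions drawn from this thread's fixlist, not a vendor ZeroAccess signature, and the script only reports; it never deletes anything.

```powershell
# Added example (not from the original post or from FRST/AdwCleaner): read-only audit for the
# artifact classes the fixlist above targets. Run from an elevated PowerShell prompt.
# Indicator patterns are assumptions taken from this thread's fixlist, not a vendor signature.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. Hidden or "@"-prefixed files dropped directly under C:\ProgramData
#    (cf. @000001.dat, @system.temp, @system3.att in the fixlist).
Get-ChildItem -LiteralPath $env:ProgramData -File -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -or ($_.Name -like '@*') } |
    ForEach-Object {
        Add-Finding 'HiddenProgramDataFile' $_.FullName ('{0} bytes, modified {1:u}' -f $_.Length, $_.LastWriteTime)
    }

# 2. Services and drivers whose ImagePath no longer resolves to a file (FRST's "[X]" entries).
#    Usually leftovers from uninstalled tools, but a live driver key whose binary is hidden from
#    the file system is also what a kernel rootkit looks like from user mode, so each one is listed.
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $image = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $image) { return }   # inside ForEach-Object, return skips to the next service
    # Normalise the spellings seen in the registry: "quoted path" args, path -args,
    # \??\C:\..., \SystemRoot\..., %SystemRoot%\..., and bare system32\... relative paths.
    $path = [Environment]::ExpandEnvironmentVariables($image.Trim())
    if ($path.StartsWith('"')) { $path = $path.Split('"')[1] } else { $path = ($path -split ' (?=[-/])')[0] }
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    if (-not (Test-Path -LiteralPath $path)) {
        Add-Finding 'ServiceImageMissing' $_.PSChildName "ImagePath=$image"
    }
}

# 3. Local Group Policy artifacts (FRST's "GroupPolicy...: Restriction" lines). Malware plants
#    these to pin a home page or block security tools; an admin who used gpedit.msc creates
#    them too, so the finding is "present, review it", not a verdict.
$gpRoot = Join-Path $env:SystemRoot 'System32\GroupPolicy'
foreach ($rel in 'Machine\Registry.pol', 'User\Registry.pol',
                 'Machine\Scripts\scripts.ini', 'Machine\Scripts\psscripts.ini',
                 'User\Scripts\scripts.ini', 'User\Scripts\psscripts.ini') {
    $p = Join-Path $gpRoot $rel
    if (Test-Path -LiteralPath $p) { Add-Finding 'LocalGroupPolicy' $p 'present; review contents' }
}
Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'System32\GroupPolicyUsers') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'PerUserLocalPolicy' $_.FullName 'per-user local policy folder' }

# 4. IE toolbar entries whose CLSID has no registered COM server (FRST's "No Name - {CLSID} - No File").
#    Only hives currently loaded under HKEY_USERS are visible here; FRST loads every profile,
#    which is why it reported several SIDs. The WOW6432Node view is checked as well so a 32-bit
#    toolbar on a 64-bit host is not flagged falsely.
$userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' -and $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $userHives) {
    $tb = Get-ItemProperty -LiteralPath "$($hive.PSPath)\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" -ErrorAction SilentlyContinue
    if (-not $tb) { continue }
    foreach ($prop in $tb.PSObject.Properties) {
        if ($prop.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $clsid  = $prop.Name
        $server = $null
        foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID') {
            $s = Get-ItemProperty -LiteralPath "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($s -and $s.'(default)') { $server = [Environment]::ExpandEnvironmentVariables($s.'(default)'); break }
        }
        if (-not $server -or -not (Test-Path -LiteralPath $server)) {
            $detail = if ($server) { "InprocServer32=$server (file missing)" } else { 'CLSID not registered' }
            Add-Finding 'ToolbarNoFile' "$($hive.PSChildName) $clsid" $detail
        }
    }
}

# 5. Task files in the root of the task store with bare-GUID names (cf. Tasks\{198B3756-...}).
#    Legitimate installers do this occasionally, so the command the task runs is shown for triage.
Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'System32\Tasks') -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
    ForEach-Object {
        try { $cmd = ([xml](Get-Content -LiteralPath $_.FullName -Raw)).Task.Actions.Exec.Command }
        catch { $cmd = '<unreadable>' }
        Add-Finding 'GuidNamedTask' $_.FullName "runs: $cmd"
    }

$findings | Sort-Object Type, Item | Format-Table -AutoSize -Wrap
```

An empty table is the normal result on a clean host. A ServiceImageMissing hit for a driver that is still running (compare against `Get-Service` or `driverquery`) is the one class worth escalating immediately, because a started driver whose file cannot be found from user mode is exactly the symptom the rootkit scanner in this thread is built around; the other categories are leads to hand to someone running FRST, not verdicts.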

#3 Flaming

Flaming
  • Topic Starter

  • Members
  • 16 posts

Posted 07 June 2016 - 08:05 PM

I've started the process you described but won't have the time to post the information until about this time tomorrow. Thank you for your help thus far. I'll post a proper response tomorrow.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,734 posts
  • Gender:Male
  • Location:California

Posted 07 June 2016 - 08:07 PM

Thank you for letting me know.
Gary
 

#5 Flaming

Flaming
  • Topic Starter

  • Members
  • 16 posts

Posted 08 June 2016 - 06:33 PM

Here is the requested information. 
 
# AdwCleaner v5.119 - Logfile created 08/06/2016 at 10:39:22
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : jake - NQESSERVER
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.3.1
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[-] Folder Deleted : C:\ProgramData\6983af3800006d06
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\6983af3800006d06
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[#] Folder Deleted : C:\Users\Admin\AppData\Local\avg web tuneup
[#] Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\extensions\Avg@toolbar.xpi
[#] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[#] File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKLM\SOFTWARE\a9ebd1fb-97e5-9897-31cb-ba10bd8299f7
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1003\Software\Conduit
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Conduit
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\sysTPL
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Conduit
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7BC7BE44-B54A-4F79-AF53-8AC073E74F42}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [23487 bytes] - [08/06/2016 10:39:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [23468 bytes] - [08/06/2016 10:36:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [23635 bytes] ##########
 
 
 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by jake (2016-06-08 11:02:09) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: jake (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [AdobeBridge] => [X]
GroupPolicyUsers\S-1-5-21-1888747803-2331596299-1794523272-1007\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1007 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 cpuz130; \??\C:\Users\Steve\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
2016-05-05 11:23 - 2016-05-05 11:23 - 00003130 _____ C:\Windows\System32\Tasks\{198B3756-9592-4CCC-85E4-305DC6A8D173}
2016-03-18 14:56 - 2016-03-18 14:56 - 0000008 ____H () C:\ProgramData\@000001.dat
2016-03-18 14:56 - 2016-03-22 16:41 - 0000920 ____H () C:\ProgramData\@system.temp
2016-03-18 14:55 - 2016-03-22 16:41 - 0000656 ____H () C:\ProgramData\@system3.att
2012-03-19 15:44 - 2012-03-19 15:44 - 0004899 _____ () C:\ProgramData\giiynunu.mau
2012-12-04 11:52 - 2014-10-17 11:26 - 0005093 _____ () C:\ProgramData\ipqjxxho.fyn
2016-03-31 12:38 - 2016-03-31 12:38 - 0000016 _____ () C:\ProgramData\mntemp
C:\Users\Steve\AppData\Local\Temp\625D.exe
Folder: C:\NQES
File: C:\ProgramData\91332E1471.sys
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1888747803-2331596299-1794523272-1007\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
cpuz130 => service removed successfully
gdrv => service removed successfully
MBAMSwissArmy => service removed successfully
NPF => service removed successfully
nvlddmkm => service removed successfully
C:\Windows\System32\Tasks\{198B3756-9592-4CCC-85E4-305DC6A8D173} => moved successfully
C:\ProgramData\@000001.dat => moved successfully
C:\ProgramData\@system.temp => moved successfully
C:\ProgramData\@system3.att => moved successfully
C:\ProgramData\giiynunu.mau => moved successfully
C:\ProgramData\ipqjxxho.fyn => moved successfully
C:\ProgramData\mntemp => moved successfully
"C:\Users\Steve\AppData\Local\Temp\625D.exe" => not found.
 
========================= Folder: C:\NQES ========================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016
Ran by jake (administrator) on NQESSERVER (09-06-2016 09:13:13)
Running from C:\Users\Admin\Desktop
Loaded Profiles: jake & Steve & Hayley (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ThinSoft Pte Ltd.) C:\Windows\System32\BeTwinServiceVS.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ThinSoft Pte Ltd.) C:\Windows\System32\BeTwinMessagesLog.exe
(Acresso) C:\Program Files (x86)\NetGuard\TomcatWrapper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\NetGuard\jre\bin\javaw.exe
() C:\Windows\System32\Rdpssw32.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Acresso) C:\Program Files (x86)\NetGuard2.08\upsMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\NetGuard2.08\jre\bin\javaw.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acresso) C:\Program Files (x86)\NetGuard2.08\NetGuard.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\NetGuard2.08\jre\bin\javaw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\NetGuard2.08\console\ViewPowerTray.exe
(Apache Software Foundation) C:\Program Files (x86)\NetGuard2.08\tomcat\bin\tomcat6.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Premier19\Myobp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ThinSoft Pte Ltd.) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
(ThinSoft Pte Ltd) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Creative Software LLC) C:\limowiz2000\LimoWiz.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [BeTwinAssistant] => C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe [115528 2011-08-24] (ThinSoft Pte Ltd.)
HKLM-x32\...\Run: [BeTwinMessages] => C:\Program Files (x86)\BeTwin\BeTwinMessages.exe [125848 2011-08-24] (ThinSoft Pte Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2015-10-13] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\MountPoints2: {d73527e9-31c2-11e2-97b0-50e549e2b493} - G:\laucher.exe
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-02-19] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-02-19] (Sophos Limited)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetGuard.lnk [2012-03-20]
ShortcutTarget: NetGuard.lnk -> C:\Program Files (x86)\NetGuard2.08\NetGuard.exe (Acresso)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-02-19] (Sophos Limited)
Tcpip\..\Interfaces\{65E2CD76-7DB8-4C86-A486-F676BBDE1028}: [NameServer] 139.130.4.4,203.50.2.71
Tcpip\..\Interfaces\{74EAAF85-8125-43FA-A68B-ABE36CBD23F7}: [NameServer] 192.168.0.10
Tcpip\..\Interfaces\{D2117A80-4DB6-4232-BDC9-8D4DB9A007DA}: [DhcpNameServer] 192.168.0.10
Tcpip\..\Interfaces\{F71F5E06-DDB8-412E-8057-F1C7E14E57A7}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{FFB8BE4A-6EC6-4556-AA5A-6FB4686E93FB}: [NameServer] 192.168.0.10
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-au/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {F4E59691-8BC1-446B-9F89-B4C8621D2079} hxxps://secure.thinsoftinc.com/WinConnectServerRegistration/controls/RegisterBeTwin2000.ocx
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1gocvwkt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-04] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.reddit.com/
CHR StartupUrls: Default -> "hxxp://www.reddit.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide Fedora) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-22]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-01-04]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2016-05-17]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2016-01-04]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Search by Image (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-01-04]
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-31]
CHR Extension: (Little Alchemy light) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlinaifoeodggjcfoonifcjppkklkdkd [2016-01-04]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-04-26]
CHR Extension: (Supernova) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2013-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-19]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Ghostery) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BeTwinMessagesLog; C:\Windows\System32\BeTwinMessagesLog.exe [70480 2011-08-24] (ThinSoft Pte Ltd.)
R3 BeTwinProxy; C:\Windows\System32\BeTwinProxyVS.dll [217928 2011-08-24] (ThinSoft Pte Ltd.)
R2 BeTwinService; C:\Windows\System32\BeTwinServiceVS.exe [335688 2011-08-24] (ThinSoft Pte Ltd.)
R2 NetGuard; C:\Program Files (x86)\NetGuard\TomcatWrapper.exe [116224 2012-03-12] (Acresso) [File not signed]
R2 RDPSSW32; C:\Windows\System32\RDPSSW32.EXE [68608 2010-05-19] () [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-02-19] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-02-19] (Sophos Limited)
R2 ShadowControl ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [2014952 2015-11-02] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2012-12-04] (StorageCraft Technology Corporation)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2015-10-13] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2015-12-16] (Sophos Limited)
R2 StorageCraft ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [2014952 2015-11-02] (StorageCraft Technology Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-02-19] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-02-19] (Sophos Limited)
R2 upsMonitor; C:\Program Files (x86)\NetGuard2.08\upsMonitor.exe [116224 2012-03-20] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files (x86)\NetGuard2.08\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2012-12-04] (StorageCraft Technology Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 BeTwinSystem; C:\Windows\System32\Drivers\BeTwinSystemVS.sys [23368 2011-08-24] (ThinSoft Pte Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-02-19] (Sophos Limited)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [133352 2015-11-02] (StorageCraft Technology Corporation)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-02-19] (Sophos Limited)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2012-12-04] (StorageCraft Technology Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-09 09:13 - 2016-06-09 09:13 - 00025847 _____ C:\Users\Admin\Desktop\FRST.txt
2016-06-08 11:28 - 2016-06-08 11:28 - 00005004 _____ C:\ProgramData\giiynunu.mau
2016-06-08 11:28 - 2016-06-08 11:28 - 00000016 _____ C:\ProgramData\mntemp
2016-06-08 11:02 - 2016-06-08 11:23 - 00005012 _____ C:\Users\Admin\Desktop\Fixlog.txt
2016-06-08 11:01 - 2016-06-09 09:13 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2016-06-08 11:01 - 2016-06-08 11:01 - 00002066 _____ C:\Users\Admin\Desktop\fixlist.txt
2016-06-08 10:59 - 2016-06-08 10:59 - 00023719 _____ C:\Users\Admin\Desktop\AdwCleaner[C1].txt
2016-06-08 10:32 - 2016-06-08 10:39 - 00000000 ____D C:\AdwCleaner
2016-06-08 10:31 - 2016-06-08 10:31 - 03677248 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2016-06-03 13:44 - 2016-06-07 09:37 - 00037303 _____ C:\Users\Admin\Downloads\Addition.txt
2016-06-03 13:43 - 2016-06-07 09:37 - 00058755 _____ C:\Users\Admin\Downloads\FRST.txt
2016-06-03 13:42 - 2016-06-09 09:13 - 02385408 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-06-03 11:47 - 2016-06-03 11:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Sophos
2016-05-31 15:07 - 2016-05-31 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-05-31 15:07 - 2016-02-19 04:30 - 00035592 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2016-05-31 15:06 - 2016-02-19 04:31 - 00161024 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2016-05-31 15:06 - 2016-02-19 04:30 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2016-05-31 15:01 - 2016-05-31 15:07 - 00000000 ____D C:\ProgramData\Sophos
2016-05-31 15:01 - 2016-05-31 15:07 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-31 14:58 - 2016-05-31 15:33 - 00000000 ____D C:\savw_103_sa
2016-05-31 14:58 - 2016-01-13 16:17 - 157949968 _____ C:\Users\Steve\Desktop\savw_103_sa_sfx.exe
2016-05-27 09:53 - 2016-05-27 09:53 - 00026698 _____ C:\Users\Admin\Desktop\Test Page.pdf
2016-05-13 15:10 - 2016-05-13 15:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AMD
2016-05-11 19:27 - 2016-04-14 23:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:27 - 2016-04-14 23:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:27 - 2016-04-09 17:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 19:27 - 2016-04-09 17:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 19:27 - 2016-04-09 17:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 19:27 - 2016-04-09 17:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 19:27 - 2016-04-09 17:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 19:27 - 2016-04-09 16:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 19:27 - 2016-04-09 16:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 19:27 - 2016-04-09 16:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 19:27 - 2016-04-09 16:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 16:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:27 - 2016-04-09 15:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 19:27 - 2016-04-09 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 19:27 - 2016-04-09 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 19:27 - 2016-04-09 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 19:27 - 2016-04-09 15:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:27 - 2016-04-09 15:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 19:27 - 2016-04-09 15:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 19:27 - 2016-04-09 15:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 19:27 - 2016-04-09 15:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 19:27 - 2016-04-09 15:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 19:27 - 2016-04-09 15:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 19:27 - 2016-04-09 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 19:27 - 2016-04-09 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 19:27 - 2016-04-09 15:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 19:27 - 2016-04-09 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 19:27 - 2016-04-09 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 15:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 19:27 - 2016-04-09 14:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 19:27 - 2016-04-09 13:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 19:27 - 2016-04-07 01:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:27 - 2016-03-10 04:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:27 - 2016-03-10 04:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 10:33 - 2016-05-11 10:33 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2016-05-11 08:16 - 2016-05-11 08:16 - 00000000 ____D C:\Users\Hayley\AppData\Local\VirtualStore
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-09 09:13 - 2016-05-05 11:21 - 00000000 ____D C:\FRST
2016-06-09 09:12 - 2012-12-04 11:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-09 09:09 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-09 09:09 - 2009-07-14 14:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-09 09:08 - 2015-01-23 09:53 - 00000000 ____D C:\limowiz2000
2016-06-09 09:07 - 2012-03-19 14:57 - 00000000 ____D C:\Users\Admin\Documents\Outlook Files
2016-06-09 09:04 - 2013-01-22 03:23 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-06-09 09:04 - 2012-11-13 08:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-09 08:47 - 2012-03-12 16:10 - 00000520 _____ C:\Windows\SysWOW64\winsusrm.dll
2016-06-09 08:47 - 2012-03-12 16:10 - 00000344 _____ C:\Windows\SysWOW64\winsusrx.dll
2016-06-09 08:45 - 2012-11-13 08:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-09 07:47 - 2012-11-13 08:49 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 15:05 - 2012-03-19 15:16 - 00000424 _____ C:\Windows\MYOBP.INI
2016-06-08 15:05 - 2012-03-19 15:12 - 00000000 ____D C:\Premier19
2016-06-08 15:04 - 2012-03-19 15:16 - 00000042 _____ C:\Windows\MYOB.INI
2016-06-08 14:13 - 2016-03-31 12:46 - 00000000 ____D C:\Users\Administrator
2016-06-08 14:00 - 2012-03-12 16:10 - 00000000 ____D C:\ProgramData\ThinSoft
2016-06-08 14:00 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-08 11:45 - 2016-05-05 11:37 - 00000008 __RSH C:\Users\Hayley\ntuser.pol
2016-06-08 11:45 - 2015-03-23 12:22 - 00000000 ____D C:\Users\Hayley
2016-06-08 11:30 - 2016-05-05 11:43 - 00000008 __RSH C:\Users\Admin\ntuser.pol
2016-06-08 11:30 - 2012-03-13 08:29 - 00000000 ____D C:\Users\Admin
2016-06-08 11:29 - 2016-05-05 10:49 - 00000008 __RSH C:\Users\Steve\ntuser.pol
2016-06-08 11:29 - 2012-03-19 15:06 - 00000000 ____D C:\Users\Steve
2016-06-08 11:03 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-07 10:17 - 2015-03-09 12:44 - 00001456 _____ C:\Users\Admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-06 00:59 - 2012-03-12 16:03 - 00000000 ____D C:\viewpower
2016-06-03 16:53 - 2012-03-19 15:07 - 00000000 ____D C:\Users\Steve\Documents\Outlook Files
2016-06-02 11:24 - 2016-01-07 16:48 - 00023731 _____ C:\Users\Admin\Documents\figures for hayley.xlsx
2016-05-31 15:10 - 2016-03-31 12:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\StorageCraft
2016-05-31 15:02 - 2012-03-19 15:46 - 00000000 ____D C:\Users\Steve\AppData\Roaming\StorageCraft
2016-05-31 15:01 - 2009-07-14 15:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-31 14:52 - 2012-03-20 14:18 - 00000000 ____D C:\ProgramData\MFAData
2016-05-30 13:06 - 2012-03-19 13:44 - 00000000 ____D C:\NQES
2016-05-27 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-13 23:12 - 2012-12-04 11:47 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 23:12 - 2012-12-04 11:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 23:12 - 2012-03-12 11:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 03:00 - 2014-12-12 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 04:12 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 03:35 - 2009-07-14 14:45 - 05063728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 03:33 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:14 - 2013-07-27 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 03:02 - 2012-03-09 16:00 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 10:40 - 2012-11-13 08:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 10:40 - 2012-11-13 08:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 15:20 - 2016-02-10 21:12 - 00000000 __SHD C:\Users\Guest\AppData\Roaming\tsifehid
 
==================== Files in the root of some directories =======
 
2013-09-28 15:28 - 2014-06-23 14:26 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
2015-03-17 11:53 - 2016-02-03 09:46 - 0000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-09 12:44 - 2016-06-07 10:17 - 0001456 _____ () C:\Users\Admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-15 09:51 - 2012-08-15 09:51 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-28 17:13 - 2012-08-28 17:13 - 0000008 __RSH () C:\ProgramData\91332E1471.sys
2016-06-08 11:28 - 2016-06-08 11:28 - 0005004 _____ () C:\ProgramData\giiynunu.mau
2012-08-16 17:29 - 2013-11-08 12:58 - 0003766 ___SH () C:\ProgramData\KGyGaAvL.sys
2016-06-08 11:28 - 2016-06-08 11:28 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 00:25
 
==================== End of FRST.txt ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by jake (2016-06-09 09:13:49)
Running from C:\Users\Admin\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-03-09 03:14:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1888747803-2331596299-1794523272-500 - Administrator - Enabled) => C:\Users\Administrator
craig1 (S-1-5-21-1888747803-2331596299-1794523272-1007 - Limited - Enabled) => C:\Users\craig1
Guest (S-1-5-21-1888747803-2331596299-1794523272-501 - Limited - Enabled) => C:\Users\Guest
Hayley (S-1-5-21-1888747803-2331596299-1794523272-1008 - Limited - Enabled) => C:\Users\Hayley
jake (S-1-5-21-1888747803-2331596299-1794523272-1004 - Administrator - Enabled) => C:\Users\Admin
setup (S-1-5-21-1888747803-2331596299-1794523272-1003 - Limited - Enabled) => C:\Users\setup
SophosSAUNQESSERVER0 (S-1-5-21-1888747803-2331596299-1794523272-1013 - Limited - Enabled)
Steve (S-1-5-21-1888747803-2331596299-1794523272-1005 - Administrator - Enabled) => C:\Users\Steve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
Bullzip PDF Printer 10.3.0.2191 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.3.0.2191 - Bullzip)
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version:  - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.1 - Corel Corporation) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
eMagicOne Store Manager for PrestaShop STANDARD 2.8.0.639 (HKLM-x32\...\{A07B5EA3-DA77-42CB-A8F6-2813B36BDDB6}_is1) (Version: 2.8.0.639 - eMagicOne)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LimoWiz 16.3.0 (HKLM-x32\...\{5C905A42-C845-480B-90C1-15DE0EB74141}) (Version: 16.3.0 - Creative Software LLC)
LimoWiz RTF Editor 3.0.8 (HKLM-x32\...\{1F5C14F0-B743-4026-B2EC-23329570640E}) (Version: 3.0.8 - Creative Software & Consulting LLC)
LimoWizEditor 3.0.8 (HKLM-x32\...\{EFCC3FA1-9D52-47A7-AB39-A1E92B9D3415}) (Version: 3.0.8 - Creative Software & Consulting LLC)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-GB)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB AccountRight Plus v19.9 (HKLM-x32\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.9.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19.9 (x32 Version: 19.9.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Premier v19 (HKLM-x32\...\InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}) (Version: 19.0.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Premier v19 (x32 Version: 19.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (x32 Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
NetGuard (HKLM-x32\...\NetGuard) (Version: 1.0.0.0 - )
NetGuard2.08 (HKLM-x32\...\NetGuard2.08) (Version: 1.0.0.0 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
PUMP-FLO (HKLM-x32\...\PUMP-FLO) (Version: 10.6.2 - )
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6423 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShadowProtect Desktop (x32 Version: 4.15.10129 - StorageCraft) Hidden
Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited)
StorageCraft ImageManager (HKLM-x32\...\{30fd1c71-e90d-4349-a7de-4fa51c1a8656}) (Version: 6.7.7 - StorageCraft Technology Corporation)
StorageCraft ImageManager (Version: 6.7.7 - StorageCraft Technology Corporation) Hidden
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 4.2.7.19756 - StorageCraft Technology Corporation (STC))
Vehicle Manager 2016 (HKLM-x32\...\{EDE577B6-48B4-441A-9BD8-63E724D13A1B}_is1) (Version: 2.0.1162.0 - Kaizen Software Solutions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinConnect Server VS x64 2.00.628 (HKLM\...\WinConnect Server VS x64_is1) (Version: 2.0.0.628 - ThinSoft Pte. Ltd.)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)
ZebraDesigner 2 (HKLM-x32\...\ZebraDesigner 2) (Version:  - Zebra Technologies Corporation)
ZebraDesigner 2 (x32 Version: 2.2.0 - Zebra Technologies Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22C4E176-83C4-4455-AC90-60F74759EAC0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {3A2845EA-C4BE-433F-88F0-C55028B3A674} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {624BB429-9E49-4BDF-BE7A-7E02C7E6B9F6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {794FC1A7-78BB-4FDC-A23B-7C15BDFA1243} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8683EF09-8254-4470-A49A-73DADCD561C4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9F24DE8A-D04C-4085-9023-8F9B5997F2FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {A6D7C7D8-21BB-4403-8F9C-5139A9D7AE3E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B1780CED-A313-498B-8AD7-473151104E86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BC65D0DC-ACED-41C2-B4D6-51B9CD4895DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CF6BBB1C-03C6-486B-87BC-C8EA6228F59B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {F40231AC-116A-42D8-BEE4-917B3D28055B} - \{198B3756-9592-4CCC-85E4-305DC6A8D173} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-12 16:10 - 2010-05-19 13:29 - 00068608 _____ () C:\Windows\System32\RDPSSW32.EXE
2015-10-16 20:02 - 2015-10-16 20:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-03-20 13:50 - 2011-04-27 09:30 - 00176199 _____ () C:\Program Files (x86)\NetGuard2.08\Console\ViewPowerTray.exe
2010-02-22 15:27 - 2010-02-22 15:27 - 20434592 _____ () C:\Premier19\Myobp.exe
2012-03-12 16:02 - 2010-05-11 10:49 - 00049152 _____ () C:\Program Files (x86)\NetGuard\jre\bin\Shutdown.dll
2012-03-12 16:02 - 2010-05-11 10:49 - 00114688 _____ () C:\Program Files (x86)\NetGuard\jre\bin\USBDevice.dll
2012-03-12 16:02 - 2010-05-11 10:49 - 00077759 _____ () C:\Program Files (x86)\NetGuard\jre\bin\rxtxSerial.dll
2009-07-14 07:03 - 2009-07-14 11:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-03-20 13:51 - 2010-05-11 10:49 - 00114688 _____ () C:\Program Files (x86)\NetGuard2.08\jre\bin\USBDevice.dll
2012-03-20 13:51 - 2010-05-11 10:49 - 00049152 _____ () C:\Program Files (x86)\NetGuard2.08\jre\bin\Shutdown.dll
2012-03-20 13:51 - 2010-05-11 10:49 - 00077759 _____ () C:\Program Files (x86)\NetGuard2.08\jre\bin\rxtxSerial.dll
2016-05-12 03:44 - 2016-05-12 03:44 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
2012-03-09 15:49 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-11-30 19:16 - 2009-11-30 19:16 - 00204800 _____ () C:\Premier19\MYOBSp32.dll
2007-03-16 03:38 - 2007-03-16 03:38 - 00344064 _____ () C:\Premier19\ctmyob32.dll
2003-02-20 17:42 - 2003-02-20 17:42 - 01159289 _____ () C:\Program Files (x86)\MYOB\Common\JRE\bin\Client\JVM.dll
2003-02-20 17:42 - 2003-02-20 17:42 - 00028787 _____ () C:\Program Files (x86)\MYOB\Common\JRE\bin\hpi.dll
2003-02-20 17:42 - 2003-02-20 17:42 - 00057449 _____ () C:\Program Files (x86)\MYOB\Common\JRE\bin\verify.dll
2003-02-20 17:42 - 2003-02-20 17:42 - 00102511 _____ () C:\Program Files (x86)\MYOB\Common\JRE\bin\java.dll
2003-02-20 17:42 - 2003-02-20 17:42 - 00053360 _____ () C:\Program Files (x86)\MYOB\Common\JRE\bin\zip.dll
2008-09-10 11:34 - 2008-09-10 11:34 - 01988608 _____ () C:\limowiz2000\FabPaint.DLL
2013-05-14 04:42 - 2013-05-14 04:42 - 00107520 _____ () C:\limowiz2000\zlibwapi.DLL
2016-06-09 07:47 - 2016-06-04 11:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 07:47 - 2016-06-04 11:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-03 23:54 - 2013-09-03 23:54 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:618D0840 [272]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 139.130.4.4 - 203.50.2.71
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{EBC1C2DF-33CC-4BDE-8FBF-10EA8AC09114}C:\program files (x86)\netguard\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\netguard\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EE8D9123-3B63-4021-A047-8C7C1BBC45FC}C:\program files (x86)\netguard\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\netguard\jre\bin\javaw.exe
FirewallRules: [{BEFC6ED4-C5B9-469D-9C95-312A3BA8BC9C}] => (Allow) C:\Program Files (x86)\BeTwin\Rdpman.exe
FirewallRules: [{395A6E03-6B30-42C0-A4CD-608CE81444D0}] => (Allow) C:\Program Files (x86)\BeTwin\Rdpman.exe
FirewallRules: [{F444F08B-371A-45B9-B606-4FF58397A86D}] => (Allow) C:\Program Files (x86)\BeTwin\Rdpman.exe
FirewallRules: [{A533FD0D-5C4A-424C-966E-D625656098A7}] => (Allow) C:\Program Files (x86)\BeTwin\Rdpman.exe
FirewallRules: [{F2032BD4-48B5-4496-B46A-71BC7EAEFD15}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
FirewallRules: [{5D5776A3-7448-486D-A0E9-F8B25F79D119}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
FirewallRules: [{EED37366-BF29-473D-B3A7-B148B2C480CF}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
FirewallRules: [{CF100830-5570-476E-A48E-AB39BD78DEC0}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinMessages.exe
FirewallRules: [{938BBE5C-06F0-4774-82B6-354752739EAB}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
FirewallRules: [{05B69B02-8549-4A56-B9FC-8808243906F0}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
FirewallRules: [{AD890F89-F17C-4683-9A3D-E0B845BC0288}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
FirewallRules: [{831BC636-FF39-4EC1-9EFE-C34370800BA2}] => (Allow) C:\Program Files (x86)\BeTwin\BeTwinAssistant.exe
FirewallRules: [TCP Query User{42247530-2934-4248-8D8C-5B325B7CFA9C}C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe] => (Allow) C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe
FirewallRules: [UDP Query User{A695C1D7-E86B-4426-B676-BACF73B1B11C}C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe] => (Allow) C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe
FirewallRules: [{D4C39BBE-5DAF-4E55-A2B8-9DEA22087765}] => (Block) C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe
FirewallRules: [{CD7EFE54-0828-462B-8D75-DDD9D8E06DD9}] => (Block) C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe
FirewallRules: [{BCF29EA0-373F-43C2-B42C-F3EA7F623A9A}] => (Allow) LPort=3393
FirewallRules: [TCP Query User{A7B933C3-F5B2-4806-9F31-F811C0FBDF8F}C:\program files (x86)\netguard2.08\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\netguard2.08\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C7287DD0-8973-4CFE-8349-30CB2F1000A2}C:\program files (x86)\netguard2.08\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\netguard2.08\jre\bin\javaw.exe
FirewallRules: [{DDA49DF7-3A26-4C7C-9743-5D53076D7822}] => (Block) C:\program files (x86)\netguard2.08\jre\bin\javaw.exe
FirewallRules: [{A4D73337-7D51-4216-8EED-B75626EBE641}] => (Block) C:\program files (x86)\netguard2.08\jre\bin\javaw.exe
FirewallRules: [{8717CCA3-F241-4236-A76B-1C0F0656DEDD}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{90203BED-DBFF-46CD-839A-0A3E9E42F12B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{D1ACD210-B9C8-4354-A9C0-09C1A88D66B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F40E13F2-0E54-4452-8010-DA36D2A1CFB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED132421-78C1-4856-A166-F055463FB02F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BBFBF2A6-8F9B-4239-9CE4-0898FD76143D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0D8DAF2-EA95-426F-AF73-19C4352AA67A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{27CCC066-CB1D-464B-B90E-5F5B4675D1C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{77164E8E-5DCD-4876-955C-C32FC3178878}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB659B00-F306-4DD5-8371-B40539DCF61C}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{34BAD91D-6E20-4895-A1E3-BC2BE29F0877}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{7C9866F7-9772-4496-A837-E53F1C63B252}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{86D067AF-3094-4A48-B41E-8558527A9731}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{5E61E75D-FA26-40AD-8CA6-015009EF69D5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{FD603CB3-616E-4E7A-89E0-0F01ED38F2B1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{750B19AA-1071-4A19-BB32-F4E2232838EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{6F2892CE-83D3-466A-A1CF-BF15C3A43EDF}] => (Allow) LPort=4000
FirewallRules: [{12284666-9A3E-4DCD-AB0E-DC6D55C0548A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DC1CE30-8C20-4EFA-A636-F92BDF59B2C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1E1EC2F-326B-4A83-8212-E7BA1FEF119A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
31-05-2016 14:59:32 Installed Sophos Anti-Virus
31-05-2016 15:01:50 Installed Sophos AutoUpdate
01-06-2016 03:44:34 Windows Update
07-06-2016 22:49:48 Windows Update
08-06-2016 11:02:36 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2016 03:46:25 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Disk on port 0: Failed.
Disk on port 0: Failed.
 
Error: (06/08/2016 02:00:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/08/2016 02:00:39 PM) (Source: StorageCraft ImageManager) (EventID: 1128) (User: )
Description: ImageManager.ThreadProc exception: Only one usage of each socket address (protocol/network address/port) is normally permitted:
 
Error: (06/08/2016 02:00:35 PM) (Source: StorageCraft ImageManager) (EventID: 1129) (User: )
Description: ImageManager.log
 
Log open exception: The process cannot access the file 'C:\Program Files (x86)\StorageCraft\ImageManager\Logs\ImageManager.log' because it is being used by another process.
 
Error: (06/08/2016 11:29:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/08/2016 11:28:50 AM) (Source: StorageCraft ImageManager) (EventID: 1128) (User: )
Description: ImageManager.ThreadProc exception: Only one usage of each socket address (protocol/network address/port) is normally permitted:
 
Error: (06/08/2016 11:28:49 AM) (Source: StorageCraft ImageManager) (EventID: 1129) (User: )
Description: ImageManager.log
 
Log open exception: The process cannot access the file 'C:\Program Files (x86)\StorageCraft\ImageManager\Logs\ImageManager.log' because it is being used by another process.
 
Error: (06/08/2016 11:22:59 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description: The Windows logon process has failed to terminate the currently logged on user's processes.
 
Error: (06/08/2016 11:13:38 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
Details:
Not enough storage is available to process this command.  (HRESULT : 0x80070008) (0x80070008)
 
Error: (06/08/2016 11:13:15 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)
 
 
System errors:
=============
Error: (06/09/2016 09:03:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/09/2016 09:02:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/09/2016 05:31:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/09/2016 05:31:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/09/2016 05:31:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/08/2016 09:36:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/08/2016 09:35:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/08/2016 07:29:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/08/2016 07:29:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
Error: (06/08/2016 07:29:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StorageCraft ImageManager service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-08 16:20:37.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 15:46:23.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 15:14:04.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 14:22:50.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 13:57:29.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 13:44:28.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 13:20:10.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 12:21:49.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 12:09:34.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 11:45:14.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8175.06 MB
Available physical RAM: 4206.23 MB
Total Virtual: 16348.31 MB
Available Virtual: 10605.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:701.49 GB) NTFS
Drive e: (Perm) (Fixed) (Total:1862.89 GB) (Free:1346.27 GB) NTFS
Drive f: (Off Site) (Fixed) (Total:931.51 GB) (Free:676.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8A959174)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 60D08FAA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 7B8AF707)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Since performing the steps in the previous post the computer has been running slower. Additionally, when I ran AdwCleaner and it restarted my computer, I had to force a restart because it hung on loading Windows. Intel is now reporting that a disk drive may be at risk as well.

#6 Oh My!

Malware Response Instructor (Adware and Spyware and Malware.....)
37,734 posts, Location: California

Posted 08 June 2016 - 09:27 PM

There is an error in your report related to your disk.

Please do these things.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (x86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\MountPoints2: {d73527e9-31c2-11e2-97b0-50e549e2b493} - G:\laucher.exe
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2016-06-08 11:28 - 2016-06-08 11:28 - 00005004 _____ C:\ProgramData\giiynunu.mau
2016-06-08 11:28 - 2016-06-08 11:28 - 00000016 _____ C:\ProgramData\mntemp
2016-05-30 13:06 - 2012-03-19 13:44 - 00000000 ____D C:\NQES
2012-08-28 17:13 - 2012-08-28 17:13 - 0000008 __RSH () C:\ProgramData\91332E1471.sys
Task: {F40231AC-116A-42D8-BEE4-917B3D28055B} - \{198B3756-9592-4CCC-85E4-305DC6A8D173} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:618D0840 [272]
Folder: C:\Users\Guest\AppData\Roaming\tsifehid
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\System32\Rdpssw32.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report
  • Fixlog
  • VirusTotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
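
As an added example that is not part of Gary's post, of FRST or of any tool named above, the following PowerShell script looks at the items his fixlist targets before FRST removes them, so the person running the fix can see what is there. It assumes an elevated PowerShell prompt on the affected Windows 7 host with PowerShell 2.0 or later (the version Windows 7 ships with), and uses only the paths, stream name and task GUID that appear in the thread; the MountPoints2 registry layout it walks is the standard Explorer location FRST reports from. It changes nothing on the system.

```powershell
# Added example (not from the thread or from FRST): read-only triage of the
# artifacts named in the fixlist. Run elevated on the affected host. Works on
# PowerShell 2.0+, so no newer cmdlets (Get-FileHash etc.) are used.

$ErrorActionPreference = 'Continue'

# --- 1. C:\Windows\System32\RDPSSW32.EXE: the loaded module FRST lists with no vendor ---
# A file that a running process has loaded but that does not show in the folder
# is the pattern a kernel-mode rootkit produces by filtering directory listings,
# so compare the directory view, a direct open by path, and the process list.
$target = 'C:\Windows\System32\RDPSSW32.EXE'

$listed = Get-ChildItem -Path 'C:\Windows\System32' -Filter 'RDPSSW32.EXE' -Force -ErrorAction SilentlyContinue
Write-Host ("Visible in directory listing: {0}" -f [bool]$listed)

if (Test-Path -LiteralPath $target) {
    $item = Get-Item -LiteralPath $target -Force
    Write-Host ("Attributes: {0}; size: {1} bytes; modified: {2}" -f $item.Attributes, $item.Length, $item.LastWriteTime)

    # SHA-256 via .NET (works on PowerShell 2.0). Searching VirusTotal by hash
    # needs no upload, which sidesteps the "file uploaded was empty" message.
    # If Length prints as 0 while the process is running, user mode is not
    # being allowed to read the real content.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($target)
    try { $digest = $sha.ComputeHash($stream) } finally { $stream.Close() }
    $hex = ($digest | ForEach-Object { $_.ToString('x2') }) -join ''
    Write-Host ("SHA256: {0}" -f $hex)

    # Microsoft ships System32 binaries Authenticode-signed; NotSigned is a red flag.
    $sig    = Get-AuthenticodeSignature -FilePath $target
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    Write-Host ("Signature: {0}; signer: {1}" -f $sig.Status, $signer)
} else {
    Write-Host "Direct open failed although FRST saw the module loaded; record that and continue."
}

# Processes whose executable is this image, with their full command lines.
Get-WmiObject -Class Win32_Process |
    Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ieq $target) } |
    ForEach-Object { Write-Host ("PID {0}: {1}" -f $_.ProcessId, $_.CommandLine) }

# --- 2. The alternate data stream FRST flagged on C:\ProgramData\TEMP ---
# cmd's "dir /r" prints each entry's streams on the lines that follow it
# (on PowerShell 3.0+ you could use: Get-Item C:\ProgramData\TEMP -Stream *).
cmd /c dir /r /a C:\ProgramData | Select-String -SimpleMatch 'TEMP'

# --- 3. The 8-byte read-only/hidden/system file in ProgramData ---
Get-Item -LiteralPath 'C:\ProgramData\91332E1471.sys' -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, Length, LastWriteTime | Format-List

# --- 4. The scheduled task whose action file is missing ---
# In LIST format the lines after TaskName include "Task To Run", which is
# where the missing path shows up.
schtasks /query /fo LIST /v |
    Select-String -SimpleMatch '198B3756-9592-4CCC-85E4-305DC6A8D173' -Context 0,10

# --- 5. MountPoints2 AutoRun commands (the G:\laucher.exe entry in the fixlist) ---
# Explorer keeps, per user profile, a Shell\AutoRun\command value for each
# removable volume it has seen, so these record what a drive carried. Only
# profiles currently loaded are present under HKEY_USERS.
Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue | ForEach-Object {
    $sid = $_.PSChildName
    $mp  = $_.PSPath + '\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path -Path $mp) {
        Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
            $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
            if (Test-Path -Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                Write-Host ("{0}  {1}  ->  {2}" -f $sid, $_.PSChildName, $cmd)
            }
        }
    }
}
```

Paste the printed SHA-256 into the VirusTotal search box instead of uploading the file: if the sample is already known you get the same verdict page, and a hash lookup cannot be defeated by the file reading back as empty the way a browser upload was in this thread.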

#7 Flaming (Topic Starter)

Members, 16 posts

Posted 09 June 2016 - 12:19 AM

I produced the Gsmart report no problems and the fixlog for FRST however when attempting to locate C:\Windows\System32\Rdpssw32.exe it was not shown in the folder. I then opened task manager and opened the file location of Rdpssw32.exe process (http://imgur.com/2FpdXvg) which displayed it in the folder. I drag and dropped the file into virustotal and it displayed a message that the file uploaded was empty. 

 

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model:     WDC WD10EZEX-00BN5A0
Serial Number:    WD-WCC3F0NA6E5A
LU WWN Device Id: 5 0014ee 20c4c2110
Firmware Version: 01.01A01
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ACS-2 (unknown minor revision code: 0x001f)
Local Time is:    Thu Jun 09 14:05:31 2016 EAST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82)   Offline data collection activity
                                          was completed without error.
                                          Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0)   The previous self-test routine completed
                                          without error or no self-test has ever
                                          been run.
Total time to complete Offline
data collection:                 (11400)  seconds.
Offline data collection
capabilities:                    (0x7b)   SMART execute Offline immediate.
                                          Auto Offline data collection on/off support.
                                          Suspend Offline collection upon new
                                          command.
                                          Offline surface scan supported.
                                          Self-test supported.
                                          Conveyance Self-test supported.
                                          Selective Self-test supported.
SMART capabilities:              (0x0003) Saves SMART data before entering
                                          power-saving mode.
                                          Supports SMART auto save timer.
Error logging capability:        (0x01)   Error logging supported.
                                          General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   2)   minutes.
Extended self-test routine
recommended polling time:        ( 118)   minutes.
Conveyance self-test routine
recommended polling time:        (   5)   minutes.
SCT capabilities:                (0x3035) SCT Status supported.
                                          SCT Feature Control supported.
                                          SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       104
  3 Spin_Up_Time            0x0027   176   174   021    Pre-fail  Always       -       2200
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       17
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   092   092   000    Old_age   Always       -       5925
 10 Spin_Retry_Count        0x0032   100   253   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   253   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       16
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       3
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       81
194 Temperature_Celsius     0x0022   110   102   000    Old_age   Always       -       33
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       6

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      5925         -
# 2  Short offline       Completed without error       00%      5925         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by jake (2016-06-09 14:11:53) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: jake & Steve & Hayley (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\...\MountPoints2: {d73527e9-31c2-11e2-97b0-50e549e2b493} - G:\laucher.exe
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1888747803-2331596299-1794523272-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2016-06-08 11:28 - 2016-06-08 11:28 - 00005004 _____ C:\ProgramData\giiynunu.mau
2016-06-08 11:28 - 2016-06-08 11:28 - 00000016 _____ C:\ProgramData\mntemp
2016-05-30 13:06 - 2012-03-19 13:44 - 00000000 ____D C:\NQES
2012-08-28 17:13 - 2012-08-28 17:13 - 0000008 __RSH () C:\ProgramData\91332E1471.sys
Task: {F40231AC-116A-42D8-BEE4-917B3D28055B} - \{198B3756-9592-4CCC-85E4-305DC6A8D173} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:618D0840 [272]
Folder: C:\Users\Guest\AppData\Roaming\tsifehid
*****************
 
"HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d73527e9-31c2-11e2-97b0-50e549e2b493}" => key removed successfully
HKCR\CLSID\{d73527e9-31c2-11e2-97b0-50e549e2b493} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value removed successfully
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1888747803-2331596299-1794523272-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-1888747803-2331596299-1794523272-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
C:\ProgramData\giiynunu.mau => moved successfully
C:\ProgramData\mntemp => moved successfully
C:\NQES => moved successfully
C:\ProgramData\91332E1471.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F40231AC-116A-42D8-BEE4-917B3D28055B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40231AC-116A-42D8-BEE4-917B3D28055B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{198B3756-9592-4CCC-85E4-305DC6A8D173}" => key removed successfully
C:\ProgramData\TEMP => ":618D0840" ADS removed successfully.
 
========================= Folder: C:\Users\Guest\AppData\Roaming\tsifehid ========================
 
2016-02-10 21:12 - 2016-01-22 15:59 - 0809109 ___SH () C:\Users\Guest\AppData\Roaming\tsifehid\tsifehid
 
====== End of Folder: ======
 
 
==== End of Fixlog 14:11:53 ====

Edited by Flaming, 09 June 2016 - 12:24 AM.


#8 Flaming
  • Topic Starter
  • Members
  • 16 posts

Posted 09 June 2016 - 01:43 AM

Update: one of my network drives is no longer reachable. Windows displays the following: 'An error occurred while reconnecting N: to \\Nqesserver\nqes Microsoft Windows Network: The network name cannot be found. The connection has not been restored.' I believe this occurred after running GSmartControl.

Using GSmartControl I ran multiple short self-tests and it displays no errors. I ran a short self-test on all of my drives; one drive displays an 'uncorrectable error in data' under the error log tab, but after running a self-test it passes 100%.



#9 Oh My!
  • Malware Response Instructor
  • 37,734 posts

Posted 09 June 2016 - 08:59 AM

Greetings.

That error is because of the Fixlist rather than GSmart. We will reverse the cause of that error.

Though there are a couple of items in the GSmart report noting some errors, overall your main hard drive looks fine.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
RestoreQuarantine: C:\FRST\Quarantine\C:\NQES
C:\Windows\System32\Rdpssw32.exe
C:\Users\Guest\AppData\Roaming\tsifehid
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check for your network drive
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlist
  • Is your network drive visible again?
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
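As an added example, not code from this thread or from smartmontools, here is a small Python parser for the attribute table in the GSmart report posted earlier, applying the usual reading of that table, which is consistent with Gary's assessment: a normalised VALUE at or below a nonzero THRESH is a failure, nonzero sector counters are warnings, and nonzero raw error rates such as Raw_Read_Error_Rate and Multi_Zone_Error_Rate are only noted. The sample rows are a subset copied from the report; the failing row in the test is constructed.

```python
"""Parse the attribute table of a smartctl report and judge drive health."""
import re

# Subset of attribute rows from the GSmart report posted above, embedded here
# as constructed sample input for this example.
SAMPLE_REPORT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       104
  3 Spin_Up_Time            0x0027   176   174   021    Pre-fail  Always       -       2200
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0022   110   102   000    Old_age   Always       -       33
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       6
"""

# One attribute row: id, name, flag, normalised VALUE/WORST/THRESH, type,
# update mode, WHEN_FAILED marker, raw value.
ATTR_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+0x(?P<flag>[0-9a-fA-F]{4})\s+(?P<value>\d+)"
    r"\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+(?P<type>Pre-fail|Old_age)\s+"
    r"(?P<updated>Always|Offline)\s+(?P<failed>\S+)\s+(?P<raw>\S+)")

# Raw counters that are zero on a healthy drive: a nonzero value is a warning
# even while the normalised VALUE is still well above THRESH.
SECTOR_COUNTERS = {"Reallocated_Sector_Ct", "Reallocated_Event_Count",
                   "Current_Pending_Sector", "Offline_Uncorrectable",
                   "UDMA_CRC_Error_Count"}


def parse_attributes(report):
    """Return one dict per attribute row; non-matching lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ATTR_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("id", "value", "worst", "thresh"):
            d[key] = int(d[key])
        # Raw values are normally plain counters; keep anything else as text.
        d["raw"] = int(d["raw"]) if d["raw"].isdigit() else d["raw"]
        rows.append(d)
    return rows


def assess(rows):
    """VALUE at or below a nonzero THRESH fails; nonzero sector counters warn;
    other nonzero raw error rates (Raw_Read_Error_Rate here) are only noted."""
    failing, warnings, notes = [], [], []
    for r in rows:
        raw_nonzero = isinstance(r["raw"], int) and r["raw"] > 0
        if r["thresh"] and r["value"] <= r["thresh"]:
            failing.append(r["name"])
        elif r["name"] in SECTOR_COUNTERS and raw_nonzero:
            warnings.append(r["name"])
        elif "Error" in r["name"] and raw_nonzero:
            notes.append(r["name"])
    return {"verdict": "FAILED" if failing else "PASSED",
            "failing": failing, "warnings": warnings, "notes": notes}
```

On the report above this returns PASSED with Raw_Read_Error_Rate and Multi_Zone_Error_Rate noted, which is the "a couple of items noting some errors, overall fine" reading.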

#10 Flaming
  • Topic Starter
  • Members
  • 16 posts

Posted 09 June 2016 - 06:34 PM

I ran Farbar with the copied code and it restored everything but 'C:\FRST\Quarantine\C:\NQES', citing that it was unable to find it. I noticed there was a colon after the second C which I assume was wrong, removed it and reran it. The folder 'NQES' is now empty in the quarantine folder, so I assume this has moved it wherever it was supposed to go.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by jake (2016-06-10 09:18:36) Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: jake (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
RestoreQuarantine: C:\FRST\Quarantine\C:\NQES
C:\Windows\System32\Rdpssw32.exe
C:\Users\Guest\AppData\Roaming\tsifehid
*****************
 
"C:\FRST\Quarantine\C:\NQES"=> path not found.
C:\Windows\System32\Rdpssw32.exe => moved successfully
C:\Users\Guest\AppData\Roaming\tsifehid => moved successfully
 
==== End of Fixlog 09:18:36 ====
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by jake (2016-06-10 09:25:09) Run:4
Running from C:\Users\Admin\Desktop
Loaded Profiles: jake (Available Profiles: setup & jake & Steve & craig1 & Hayley & Administrator & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
RestoreQuarantine: C:\FRST\Quarantine\C\NQES
 
*****************
 
RestoreQuarantine: C:\FRST\Quarantine\C\NQES=> Restoring from Quarantine completed.
 
==== End of Fixlog 09:26:43 ====
 
 
The network drive remains with the same error message and is unreachable. The computer seems to be running normally.


#11 Oh My!
  • Malware Response Instructor
  • 37,734 posts

Posted 10 June 2016 - 08:48 AM

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:folderfind
NQES
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!
  • Malware Response Instructor
  • 37,734 posts

Posted 13 June 2016 - 08:54 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Flaming
  • Topic Starter
  • Members
  • 16 posts

Posted 13 June 2016 - 06:29 PM

Apologies, I've been away from the office for a few days. Last Friday my IT guy just happened to be passing by, stopped in, and restored the folder and network drive.

After another Sophos scan it returned 1 locked file.



#14 Oh My!
  • Malware Response Instructor
  • 37,734 posts

Posted 13 June 2016 - 07:25 PM

Greetings,

What was the locked file?

How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Flaming
  • Topic Starter
  • Members
  • 16 posts

Posted 13 June 2016 - 07:30 PM

The file is under the path C:\Program Files (x86)\Netguard\WebContent and simply called lock with a file size of 0KB.

The computer appears to be running smoothly.





