Been fighting this infection for over a year now (PID: 6176) [T-HEUR]

27 replies to this topic

#1 insidesjds

  • Members
  • 21 posts

Posted 06 June 2016 - 09:31 AM

Hi, I've had this virus for over a year now. I thought I removed it recently, but it's back and affecting both home computers. It's disabled my keyboard on my all-in-one touch screen and now seems to cause a noDNS issue, so we have no internet connection for hours at a time. The scanners picked up something, then the computer randomly restarted without letting the program remove the virus. I have a whole list of other issues/symptoms, so this should be interesting to see what's actually causing these issues. Any help is greatly appreciated. I'll be sure to check back for a reply frequently if the noDNS issue doesn't happen again. Let me know what scans you'd like me to run and what I should post. Thanks!

Adware.JavaCore/NoDNS

#2 nasdaq

  • Malware Response Team
  • 39,191 posts

Posted 07 June 2016 - 08:36 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
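The FRST.txt log requested above can be pre-triaged before a person reads it. The script below is an added example, not part of nasdaq's post or of Farbar's tool: it splits the log on its '=' section banners and flags the markers FRST itself prints (<======= ATTENTION, [X] for a registered file that is missing, () for an entry with no publisher, and an MD5 printed instead of "MD5 is legit"). The sample log is constructed in FRST's layout and its MD5 value is a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout FRST writes to FRST.txt: '=' banners name each
# section, one entry per line. The 32-hex MD5 value is a placeholder, not a real hash.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 172.30.10.1 192.168.1.1 192.168.11.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
===================== Drivers (Whitelisted) ==========================
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 O2MDFRDR; \SystemRoot\system32\drivers\O2MDFw7x64.sys [X]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 00112233445566778899AABBCCDDEEFF
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=\s].*?)\s*=+$")
LEADING_PUB_RE = re.compile(r"^\((?P<pub>[^()]*)\)\s+\S")   # "(Publisher) C:\path" (Processes)
TRAILING_PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")    # "... [size date] (Publisher)"
MD5_RE = re.compile(r"^(?P<path>.+?\.sys)\s+(?P<md5>[0-9A-F]{32})$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    kind: str   # attention | file-missing | no-publisher | non-stock-md5
    line: str


def parse_sections(text):
    """Split FRST.txt into {section name: [entry lines]} using its '=' banners."""
    sections = {}
    current = "Preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def publisher(line):
    """Publisher FRST attached to an entry ('' when it printed '()'), or None if absent."""
    match = LEADING_PUB_RE.match(line) or TRAILING_PUB_RE.search(line)
    return match.group("pub").strip() if match else None


def triage(text):
    """Collect the lines a reviewer reads first; every rule is a marker FRST itself emits."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if "<======= ATTENTION" in line:            # FRST flagged a policy/restriction
                findings.append(Finding(section, "attention", line))
            elif section.startswith("Drivers MD5"):
                if MD5_RE.match(line):                  # hash printed => not in FRST's known-good set
                    findings.append(Finding(section, "non-stock-md5", line))
            elif line.endswith("[X]"):                  # registered, but the file is gone
                findings.append(Finding(section, "file-missing", line))
            elif publisher(line) == "":                 # no version/signer info on the file
                findings.append(Finding(section, "no-publisher", line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'attention': 1, ...}."""
    counts = {}
    for finding in findings:
        counts[finding.kind] = counts.get(finding.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST):
        print(f"[{finding.kind}] {finding.section}: {finding.line}")
```

The flags only point a reviewer at lines: an empty publisher or a non-stock MD5 is also what legitimate third-party software looks like, so each hit needs a judgment rather than automatic removal.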

#3 insidesjds

  • Topic Starter
  • Members
  • 21 posts

Posted 07 June 2016 - 10:53 AM

Hi, here are the scan requests for the first computer...

Malwarebytes Anti-Malware ////////////////////////////////////////////////
www.malwarebytes.org

Scan Date: 6/7/2016
Scan Time: 10:11 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.07.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Point Presenter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295696
Time Elapsed: 6 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ADWCLEANER /////////////////////////////////////

# AdwCleaner v5.119 - Logfile created 07/06/2016 at 10:37:58
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Point Presenter - POINTPRESENTER
# Running from : C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [670 bytes] - [07/06/2016 10:37:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [742 bytes] ##########

FRST ////////////////////////////////////

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016
Ran by Point Presenter (administrator) on POINTPRESENTER (07-06-2016 10:48:31)
Running from C:\Users\Point Presenter\Desktop
Loaded Profiles: Point Presenter (Available Profiles: Point Presenter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(McAfee Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Glarysoft\Malware Hunter\Avira\avupdate.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\upgrade.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [818640 2016-05-16] (Glarysoft Ltd)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [1720176 2016-06-05] (McAfee Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-15] (Glarysoft Ltd)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [Google Update] => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-17] (Google Inc.)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\RunOnce: [Uninstall C:\Users\Point Presenter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Point Presenter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\RunOnce: [Uninstall C:\Users\Point Presenter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Point Presenter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.30.10.1 192.168.1.1 192.168.11.1
Tcpip\..\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}: [DhcpNameServer] 172.30.10.1 192.168.1.1 192.168.11.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000 -> DefaultScope {3D62D761-B607-49E3-A288-C5F3E1A72E25} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\t4qnqf8a.default-1459475566637
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Point Presenter\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Point Presenter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @talk.google.com/O1DPlugin -> C:\Users\Point Presenter\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Point Presenter\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Point Presenter\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Flash and Video Download - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\t4qnqf8a.default-1459475566637\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-15] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-19] (SurfRight B.V.)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 372032F16; C:\Windows\System32\drivers\372032F16.sys [478392 2016-05-13] (Kaspersky Lab ZAO)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-02-16] (Glarysoft Ltd)
S3 GUMHFilter; C:\Windows\System32\DRIVERS\GUMHFilter.sys [20096 2016-02-18] (GlarySoft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 O2MDFRDR; \SystemRoot\system32\drivers\O2MDFw7x64.sys [X]
S3 O2MDRRDR; \SystemRoot\system32\drivers\O2MDRw7x64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netvsc60.sys 73CE12B8BDD747B0063CB0A7EF44CEA7
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\stdcfltn.sys E4EA2412FB1B8AEE33667A9CC6D456A4
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys B1EFA62F5C0E4D3C39E24358FA40CC44
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ST_ACCEL.sys 8BA37304516F9B637FB140DD58B5D88C
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VMBusVideoM.sys 4CDD7DF58730D23BA9CB5829A6E2ECEA
C:\Windows\System32\DRIVERS\tap0901.sys 3C32FF010F869BC184DF71290477384E
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\trufos.sys 132C0E39AF0312E6B9611E2E1B344D41
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 91D3C92A44FC682DD791147604E79152
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys F7FFDF2A1D19A76A87759126B244C816
C:\Windows\System32\DRIVERS\usbhub.sys 245FE7FC634D6A993E682E0A9EBA4ABB
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 10:48 - 2016-06-07 10:48 - 00034551 _____ C:\Users\Point Presenter\Desktop\FRST.txt
2016-06-07 10:47 - 2016-06-07 10:47 - 00000981 _____ C:\Users\Point Presenter\Desktop\AdwCleaner[C1].txt
2016-06-07 10:42 - 2016-06-07 10:42 - 02385408 _____ (Farbar) C:\Users\Point Presenter\Desktop\FRST64.exe
2016-06-07 10:39 - 2016-06-07 10:39 - 00000820 _____ C:\Users\Point Presenter\Desktop\AdwCleaner[S1].txt
2016-06-07 10:35 - 2016-06-07 10:43 - 00000000 ____D C:\AdwCleaner
2016-06-07 10:33 - 2016-06-07 10:35 - 03677248 _____ C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe
2016-06-07 10:19 - 2016-06-07 10:19 - 00001061 _____ C:\Users\Point Presenter\Desktop\MBAM.txt
2016-06-07 09:58 - 2016-06-07 09:58 - 00003706 _____ C:\Users\Point Presenter\Desktop\BeepingComp.txt
2016-06-07 09:48 - 2016-06-07 09:51 - 22851472 _____ (Malwarebytes ) C:\Users\Point Presenter\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-06 16:12 - 2016-06-06 16:14 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\CyberGhost
2016-06-06 16:11 - 2016-06-06 16:12 - 00000000 ____D C:\Program Files\TAP-Windows
2016-06-06 16:11 - 2016-06-06 16:12 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-06-06 16:11 - 2016-06-06 16:11 - 00001730 _____ C:\Users\Point Presenter\Desktop\CyberGhost 5.lnk
2016-06-06 16:11 - 2016-06-06 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-06-06 11:34 - 2016-06-06 11:34 - 00001456 _____ C:\Users\Point Presenter\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-05 21:55 - 2016-06-05 21:55 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\Wave Systems Corp
2016-06-05 21:54 - 2016-06-05 21:54 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\Wave Systems Corp
2016-06-05 21:22 - 2016-06-05 21:28 - 03701022 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_21.22.01_log.txt
2016-06-05 21:18 - 2016-06-05 21:18 - 00004336 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_21.18.04_log.txt
2016-06-05 21:10 - 2016-06-05 21:10 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-06-05 20:47 - 2016-06-07 09:17 - 00000530 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9ae713fd-adfe-472e-810d-b6962bff01c3.job
2016-06-05 20:47 - 2016-06-07 02:00 - 00000530 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1308d252-d0aa-4cc2-845a-beb5db4a32b8.job
2016-06-05 20:47 - 2016-06-05 20:47 - 00003640 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1308d252-d0aa-4cc2-845a-beb5db4a32b8
2016-06-05 20:47 - 2016-06-05 20:47 - 00003566 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9ae713fd-adfe-472e-810d-b6962bff01c3
2016-06-05 20:46 - 2016-06-07 10:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-05 20:46 - 2016-06-05 20:46 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-06-05 20:46 - 2016-06-05 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-05 20:17 - 2016-06-05 20:18 - 00419270 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_20.17.11_log.txt
2016-06-05 20:16 - 2016-06-07 02:00 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\Adobe
2016-06-05 19:56 - 2016-06-05 20:03 - 00003888 _____ C:\Windows\ntbtlog.txt
2016-06-05 19:41 - 2016-06-05 19:42 - 01285596 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.41.11_log.txt
2016-06-05 19:38 - 2016-06-05 19:39 - 01440136 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.38.09_log.txt
2016-06-05 19:27 - 2016-06-05 19:27 - 00079148 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.27.15_log.txt
2016-06-05 19:23 - 2016-06-05 19:23 - 00004336 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.23.14_log.txt
2016-06-05 19:21 - 2016-06-05 19:22 - 00212652 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.21.05_log.txt
2016-06-05 18:22 - 2016-06-05 18:22 - 00000207 _____ C:\Windows\tweaking.com-regbackup-POINTPRESENTER-Windows-7-Professional-(64-bit).dat
2016-06-05 18:22 - 2016-06-05 18:22 - 00000000 ____D C:\RegBackup
2016-06-05 18:11 - 2016-06-05 18:11 - 00003686 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-06-05 18:11 - 2016-06-05 18:11 - 00002165 _____ C:\Users\Point Presenter\Desktop\Tweaking.com - Windows Repair.lnk
2016-06-05 18:11 - 2016-06-05 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-05 18:11 - 2016-06-05 18:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-05 12:44 - 2016-06-05 12:44 - 00050688 _____ (Atribune.org) C:\Users\Point Presenter\Desktop\ATF-Cleaner.exe
2016-06-05 12:34 - 2016-06-05 12:34 - 01610816 _____ (Malwarebytes) C:\Users\Point Presenter\Desktop\JRT.exe
2016-06-05 12:33 - 2016-06-05 12:33 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Point Presenter\Desktop\unhide.exe
2016-06-05 12:20 - 2016-06-05 12:25 - 21381936 _____ (Tweaking.com) C:\Users\Point Presenter\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-06-05 09:32 - 2016-06-05 09:33 - 00211260 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_09.32.19_log.txt
2016-06-05 09:27 - 2016-06-05 10:07 - 00000819 _____ C:\Users\Point Presenter\Downloads\Stinger_05062016_092711.html
2016-06-05 09:27 - 2016-06-05 09:27 - 01009388 _____ C:\Users\Point Presenter\Downloads\runtime.dat
2016-06-05 06:45 - 2016-06-05 06:46 - 00213260 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_06.45.33_log.txt
2016-06-05 06:32 - 2016-06-05 06:33 - 00910766 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_06.32.48_log.txt
2016-06-05 06:10 - 2016-06-05 06:11 - 00211332 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_06.10.56_log.txt
2016-06-05 06:10 - 2016-06-05 06:10 - 00211332 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_06.10.05_log.txt
2016-06-05 06:09 - 2016-06-05 06:10 - 00211332 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_06.09.41_log.txt
2016-06-05 00:15 - 2016-06-05 00:15 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Point Presenter\Desktop\rkill64-22114.exe
2016-06-04 23:53 - 2016-06-04 23:53 - 00145310 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_23.53.01_log.txt
2016-06-04 23:42 - 2016-06-04 23:42 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Point Presenter\Desktop\rkill64.exe
2016-06-04 01:16 - 2016-06-04 01:17 - 00213884 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_01.16.35_log.txt
2016-06-04 01:15 - 2016-06-04 01:16 - 00213884 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_01.15.18_log.txt
2016-06-04 01:07 - 2016-06-04 01:08 - 00212268 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_01.07.44_log.txt
2016-06-04 01:07 - 2016-06-04 01:07 - 00212268 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_01.07.12_log.txt
2016-06-04 00:50 - 2016-06-04 00:51 - 00214644 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_00.50.38_log.txt
2016-06-02 10:45 - 2016-06-02 10:47 - 00216002 _____ C:\TDSSKiller.3.1.0.9_02.06.2016_10.45.29_log.txt
2016-06-02 00:00 - 2016-06-02 00:03 - 16277288 _____ C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.52.0.73.exe
2016-06-01 23:49 - 2016-06-07 10:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-01 23:49 - 2016-06-02 01:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-01 23:49 - 2016-06-01 23:49 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Point Presenter\Downloads\flashplayer21_xa_install(1).exe
2016-06-01 19:06 - 2016-06-01 19:06 - 00000950 _____ C:\Users\Point Presenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-06-01 19:06 - 2016-06-01 19:06 - 00000942 _____ C:\Users\Point Presenter\Desktop\join.me.lnk
2016-06-01 18:18 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\join.me.launcher
2016-06-01 16:38 - 2016-06-01 19:06 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\join.me
2016-06-01 16:30 - 2016-06-01 16:33 - 16029456 _____ (LogMeIn, Inc.) C:\Users\Point Presenter\Desktop\join.me.exe
2016-05-29 19:27 - 2016-05-29 19:34 - 00219798 _____ C:\TDSSKiller.3.1.0.9_29.05.2016_19.27.25_log.txt
2016-05-29 12:49 - 2016-05-29 12:49 - 02388240 _____ (Rothenberger & Partner ) C:\Users\Point Presenter\Downloads\RivaFLVPlayerSetup.exe
2016-05-29 12:37 - 2016-05-29 12:37 - 00000000 ____D C:\Users\Point Presenter\dwhelper
2016-05-28 20:47 - 2016-05-28 20:48 - 00002900 _____ C:\Windows\system32\lic2.xml10936
2016-05-28 17:29 - 2016-05-28 17:33 - 41763456 _____ (Skype Technologies S.A.) C:\Users\Point Presenter\Downloads\Skype_v7.24.0.104.exe
2016-05-26 19:51 - 2016-05-26 19:59 - 01991738 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_19.51.40_log.txt
2016-05-26 19:48 - 2016-05-26 19:49 - 00004332 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_19.48.54_log.txt
2016-05-26 18:34 - 2016-05-26 18:34 - 00215328 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_18.34.23_log.txt
2016-05-26 18:33 - 2016-06-05 06:46 - 00000000 ____D C:\Program Files\stinger
2016-05-26 17:26 - 2016-05-26 17:26 - 00214716 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_17.26.21_log.txt
2016-05-26 17:17 - 2016-05-26 17:17 - 00004646 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_17.17.06_log.txt
2016-05-26 17:08 - 2016-05-26 17:09 - 00425610 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_17.08.54_log.txt
2016-05-26 16:59 - 2016-05-26 17:00 - 00217782 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_16.59.36_log.txt
2016-05-25 14:42 - 2016-05-25 14:45 - 00221768 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.42.50_log.txt
2016-05-24 22:02 - 2016-05-24 22:03 - 00218256 _____ C:\TDSSKiller.3.1.0.9_24.05.2016_22.02.02_log.txt
2016-05-23 17:22 - 2016-05-23 17:22 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-05-23 11:46 - 2016-05-23 13:09 - 45645647 _____ C:\Users\Point Presenter\Downloads\brand-rep-bin.zip.0j9b72g.partial
2016-05-20 17:30 - 2016-05-20 18:12 - 00220382 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_17.30.31_log.txt
2016-05-20 17:16 - 2016-05-20 17:27 - 16276912 _____ C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.51.0.71.exe
2016-05-19 15:50 - 2016-05-19 15:51 - 00214246 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_15.50.36_log.txt
2016-05-19 15:29 - 2016-05-19 15:30 - 00424582 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_15.29.34_log.txt
2016-05-19 13:43 - 2016-05-19 13:44 - 00219144 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_13.43.05_log.txt
2016-05-18 14:38 - 2016-06-07 10:48 - 00000000 ____D C:\FRST
2016-05-18 11:34 - 2016-06-06 15:57 - 00023699 _____ C:\Users\Point Presenter\Desktop\DO-DILLY.txt
2016-05-17 21:54 - 2016-05-17 22:00 - 00218688 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_21.54.52_log.txt
2016-05-17 21:46 - 2016-05-17 21:54 - 00429654 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_21.46.02_log.txt
2016-05-17 11:42 - 2016-05-17 11:43 - 00212930 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_11.42.40_log.txt
2016-05-17 11:42 - 2016-05-17 11:42 - 00213018 _____ C:\TDSSKiller.3.1.0.9_17.05.2016_11.42.08_log.txt
2016-05-17 10:54 - 2016-05-17 11:29 - 00000000 ____D C:\Users\Point Presenter\Documents\WP
2016-05-17 09:37 - 2016-05-17 09:37 - 01071089 _____ C:\Users\Point Presenter\Documents\happy-birthday-nikki.psd
2016-05-16 22:12 - 2016-05-16 23:32 - 97228200 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\KVRT5.exe
2016-05-16 22:01 - 2016-05-16 23:58 - 97228200 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\KVRT(1).exe
2016-05-16 21:56 - 2016-05-16 21:57 - 00221076 _____ C:\TDSSKiller.3.1.0.9_16.05.2016_21.56.12_log.txt
2016-05-16 21:48 - 2016-05-16 21:50 - 00215730 _____ C:\TDSSKiller.3.1.0.9_16.05.2016_21.48.04_log.txt
2016-05-16 21:47 - 2016-05-16 21:47 - 00143162 _____ C:\TDSSKiller.3.1.0.9_16.05.2016_21.47.15_log.txt
2016-05-16 17:19 - 2016-05-16 17:27 - 09757920 _____ (CyberGhost S.R.L. ) C:\Users\Point Presenter\Downloads\CG_5.5.1.3.exe
2016-05-16 08:37 - 2016-05-16 08:37 - 00036864 _____ C:\Users\Point Presenter\Documents\Amazon Selling Service.msg
2016-05-15 09:50 - 2016-05-15 09:56 - 00215738 _____ C:\TDSSKiller.3.1.0.9_15.05.2016_09.50.46_log.txt
2016-05-15 01:15 - 2016-05-15 01:43 - 00218258 _____ C:\TDSSKiller.3.1.0.9_15.05.2016_01.15.39_log.txt
2016-05-15 01:01 - 2016-05-15 01:04 - 40796160 _____ C:\Users\Point Presenter\Downloads\Skype_v7.23.0.105.msi
2016-05-15 00:57 - 2016-05-15 01:08 - 00426292 _____ C:\TDSSKiller.3.1.0.9_15.05.2016_00.57.04_log.txt
2016-05-14 21:10 - 2016-05-14 21:26 - 15714160 _____ (McAfee Inc) C:\Users\Point Presenter\Desktop\pinatas123.exe
2016-05-14 21:08 - 2016-05-14 21:09 - 00217672 _____ C:\TDSSKiller.3.1.0.9_14.05.2016_21.08.02_log.txt
2016-05-14 20:53 - 2016-05-14 20:55 - 00215750 _____ C:\TDSSKiller.3.1.0.9_14.05.2016_20.53.22_log.txt
2016-05-14 15:53 - 2016-05-14 16:09 - 00015739 _____ C:\Users\Point Presenter\Documents\usadoglist.html
2016-05-14 06:49 - 2016-05-14 06:49 - 00001866 _____ C:\Users\Point Presenter\Documents\doggy-style.css
2016-05-14 06:42 - 2016-05-14 06:42 - 00023949 _____ C:\Users\Point Presenter\Documents\usadoglist.com
2016-05-13 16:05 - 2016-05-13 16:06 - 00215730 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_16.05.37_log.txt
2016-05-13 14:48 - 2016-05-13 16:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\05D66E1A.sys
2016-05-13 14:47 - 2016-05-13 14:49 - 00839376 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_14.47.49_log.txt
2016-05-13 14:45 - 2016-05-13 14:45 - 00887308 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_14.45.04_log.txt
2016-05-13 14:41 - 2016-05-13 14:43 - 00219096 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_14.41.49_log.txt
2016-05-13 14:38 - 2016-05-13 14:38 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\372032F16.sys
2016-05-13 14:36 - 2016-05-13 14:36 - 00211816 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_14.36.20_log.txt
2016-05-13 14:10 - 2016-05-13 14:10 - 00004170 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_14.10.34_log.txt
2016-05-13 13:25 - 2016-05-13 13:26 - 00215198 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_13.25.38_log.txt
2016-05-13 13:19 - 2016-05-13 13:21 - 00354710 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_13.19.02_log.txt
2016-05-13 13:18 - 2016-05-13 13:18 - 00212334 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_13.18.12_log.txt
2016-05-13 13:09 - 2016-05-13 13:17 - 00596066 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_13.09.01_log.txt
2016-05-13 12:27 - 2016-05-13 12:27 - 00000000 ____D C:\KVRT_Data
2016-05-13 11:17 - 2016-05-13 12:26 - 96706984 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\KVRT.exe
2016-05-13 11:14 - 2016-05-13 11:14 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\tdsskiller2.exe
2016-05-13 11:13 - 2016-05-13 11:14 - 00214840 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_11.13.33_log.txt
2016-05-13 11:13 - 2016-05-13 11:13 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\pinata2222.exe
2016-05-13 11:12 - 2016-05-13 11:12 - 00001062 _____ C:\scan2.txt
2016-05-13 10:40 - 2016-05-13 10:53 - 22851472 _____ (Malwarebytes ) C:\Users\Point Presenter\Desktop\pinatas.exe
2016-05-13 10:35 - 2016-05-13 10:38 - 00421000 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_10.35.09_log.txt
2016-05-13 10:30 - 2016-05-13 10:32 - 00211306 _____ C:\TDSSKiller.3.1.0.9_13.05.2016_10.30.22_log.txt
2016-05-13 09:59 - 2016-05-13 13:54 - 00000000 ____D C:\Users\Point Presenter\Documents\HOSTFORWEB
2016-05-12 19:33 - 2016-05-12 19:34 - 00415676 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_19.33.50_log.txt
2016-05-12 19:30 - 2016-05-12 19:32 - 00621304 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_19.30.25_log.txt
2016-05-12 19:26 - 2016-05-12 19:27 - 00415556 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_19.26.52_log.txt
2016-05-12 18:57 - 2016-05-12 18:59 - 00414606 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_18.57.24_log.txt
2016-05-11 23:46 - 2016-05-12 09:13 - 01456058 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_23.46.04_log.txt
2016-05-11 10:26 - 2016-05-11 10:27 - 00212470 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_10.26.47_log.txt
2016-05-11 10:24 - 2016-05-11 10:24 - 00211288 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_10.24.15_log.txt
2016-05-09 20:05 - 2016-05-10 11:09 - 02035766 _____ C:\Users\Point Presenter\Documents\78-honda-xl500s.psd
2016-05-09 11:14 - 2016-05-20 21:57 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-05-09 10:50 - 2016-05-09 11:00 - 16232896 _____ C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.50.0.70.exe
2016-05-09 10:44 - 2016-05-26 20:03 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk
2016-05-06 12:09 - 2016-05-06 12:09 - 00002178 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2016-05-06 12:09 - 2016-05-06 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-05-06 12:09 - 2013-04-17 13:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-05-06 12:09 - 2013-04-17 13:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-05-06 12:06 - 2016-05-06 12:09 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-06 12:06 - 2013-05-28 11:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-06 12:06 - 2013-04-22 12:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-06 12:04 - 2016-05-06 12:06 - 10606640 _____ C:\Users\Point Presenter\Desktop\Antivirus_Free_Edition_x64.exe
2016-05-06 12:04 - 2016-05-06 12:04 - 00196944 _____ C:\Users\Point Presenter\Desktop\Antivirus_Free_Edition.exe
2016-05-06 10:22 - 2016-05-06 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-05 23:24 - 2016-05-05 23:24 - 00209402 _____ C:\TDSSKiller.3.1.0.9_05.05.2016_23.24.27_log.txt
2016-05-05 23:22 - 2016-05-05 23:23 - 00210840 _____ C:\TDSSKiller.3.1.0.9_05.05.2016_23.22.20_log.txt
2016-05-03 17:40 - 2016-05-03 19:39 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\FileZilla
2016-05-03 17:40 - 2016-05-03 17:40 - 00002099 _____ C:\Users\Point Presenter\Desktop\FileZilla Client.lnk
2016-05-03 17:40 - 2016-05-03 17:40 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-05-03 17:40 - 2016-05-03 17:40 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-05-03 17:39 - 2016-05-03 17:40 - 06292952 _____ (Tim Kosse) C:\Users\Point Presenter\Downloads\FileZilla_3.17.0_win32-setup.exe
2016-05-03 13:12 - 2016-03-31 14:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-03 13:12 - 2016-03-31 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-03 13:12 - 2016-03-30 19:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-03 13:12 - 2016-03-30 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-03 13:12 - 2016-03-30 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-03 13:12 - 2016-03-30 19:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-03 13:12 - 2016-03-30 19:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-03 13:12 - 2016-03-30 19:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-03 13:12 - 2016-03-30 19:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-03 13:12 - 2016-03-30 19:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-03 13:12 - 2016-03-30 19:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-03 13:12 - 2016-03-30 19:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-03 13:12 - 2016-03-30 19:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-03 13:12 - 2016-03-30 19:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-03 13:12 - 2016-03-30 19:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-03 13:12 - 2016-03-30 19:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-03 13:12 - 2016-03-30 19:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-03 13:12 - 2016-03-30 19:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-03 13:12 - 2016-03-30 19:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-02 10:23 - 2016-06-05 22:06 - 00000000 ____D C:\Users\Point Presenter\Desktop\MISC
2016-04-29 18:02 - 2016-04-29 18:14 - 15796536 _____ C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.49.0.69.exe
2016-04-29 16:41 - 2016-04-29 17:26 - 46436440 _____ C:\Users\Point Presenter\Downloads\Mozilla_Firefox_(64bit)_v46.0.exe
2016-04-28 22:48 - 2016-04-28 22:48 - 00000000 ____D C:\ProgramData\bdch
2016-04-27 18:37 - 2016-04-27 18:50 - 32897512 _____ C:\Users\Point Presenter\Documents\JPEOPLE.psd
2016-04-23 21:30 - 2016-04-23 21:30 - 00210894 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_21.30.09_log.txt
2016-04-23 20:48 - 2016-04-23 20:48 - 00827402 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.48.12_log.txt
2016-04-23 20:45 - 2016-04-23 20:46 - 00211158 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.45.45_log.txt
2016-04-23 20:45 - 2016-04-23 20:45 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\tdsskiller.exe
2016-04-23 20:33 - 2016-04-23 20:33 - 00000000 ____D C:\ProgramData\BDLogging
2016-04-23 20:31 - 2016-04-23 20:32 - 00417508 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.31.10_log.txt
2016-04-23 20:19 - 2016-04-23 20:19 - 00210994 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.19.18_log.txt
2016-04-23 20:12 - 2016-04-23 20:13 - 00414650 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.12.11_log.txt
2016-04-23 20:12 - 2016-04-23 20:12 - 00004166 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_20.12.00_log.txt
2016-04-23 19:52 - 2016-04-23 19:52 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-04-23 19:44 - 2016-06-07 10:47 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-04-23 19:44 - 2016-04-23 19:44 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-04-23 19:32 - 2016-04-23 19:39 - 10314888 _____ C:\Users\Point Presenter\Desktop\bitdefender_windows_dd58f107-27dd-443d-bafb-81603cfbc5cf.exe
2016-04-22 23:29 - 2016-04-22 23:29 - 00000021 _____ C:\Users\Point Presenter\Desktop\kypell-bigpond.net.au
2016-04-22 22:42 - 2016-04-22 22:42 - 00209334 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_22.42.14_log.txt
2016-04-22 22:27 - 2016-04-22 22:29 - 00826598 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_22.27.36_log.txt
2016-04-21 22:14 - 2016-04-21 22:15 - 00211674 _____ C:\TDSSKiller.3.1.0.9_21.04.2016_22.14.08_log.txt
2016-04-19 19:34 - 2016-04-19 19:34 - 01716592 _____ (McAfee Inc.) C:\Users\Point Presenter\Desktop\realprotect.exe
2016-04-19 19:20 - 2016-04-19 19:28 - 00414614 _____ C:\TDSSKiller.3.1.0.9_19.04.2016_19.20.41_log.txt
2016-04-18 12:24 - 2016-05-14 18:55 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\WordKutools
2016-04-18 12:24 - 2016-04-18 12:24 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\Microsoft_Corporation
2016-04-18 12:22 - 2016-04-20 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Word
2016-04-18 12:22 - 2016-04-18 12:22 - 00000000 ____D C:\Windows\SysWOW64\addins
2016-04-18 12:22 - 2016-04-18 12:22 - 00000000 ____D C:\Users\Public\Documents\ExtendOffice
2016-04-18 12:22 - 2016-04-18 12:22 - 00000000 ____D C:\Program Files (x86)\ExtendOffice
2016-04-18 12:18 - 2016-04-18 12:19 - 14403136 _____ (ExtendOffice ) C:\Users\Point Presenter\Downloads\WordKutools.exe
2016-04-14 20:41 - 2016-04-14 20:44 - 00211654 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_20.41.28_log.txt
2016-04-14 20:11 - 2016-04-14 20:22 - 01440428 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_20.11.35_log.txt
2016-04-14 20:09 - 2016-04-14 20:10 - 00575500 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_20.09.49_log.txt
2016-04-14 20:07 - 2016-04-14 20:09 - 01531138 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_20.07.13_log.txt
2016-04-14 19:59 - 2016-04-14 20:04 - 00413710 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_19.59.50_log.txt
2016-04-14 19:43 - 2016-04-14 19:43 - 00208772 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_19.43.07_log.txt
2016-04-14 19:42 - 2016-04-14 19:42 - 00413622 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_19.42.14_log.txt
2016-04-14 16:45 - 2016-04-14 16:45 - 00413694 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_16.45.10_log.txt
2016-04-14 08:09 - 2016-04-14 08:10 - 00413694 _____ C:\TDSSKiller.3.1.0.9_14.04.2016_08.09.31_log.txt
2016-04-13 11:41 - 2016-04-13 11:41 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-04-13 11:41 - 2016-04-13 11:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-04-11 14:53 - 2016-04-11 14:53 - 09738078 _____ C:\Users\Point Presenter\Desktop\AGSGRASS.psd
2016-04-08 12:24 - 2016-04-08 13:25 - 34593126 _____ C:\Users\Point Presenter\Documents\CHOOSE-A-SIDE.psd
2016-04-08 09:10 - 2016-04-08 09:11 - 15771432 _____ C:\Users\Point Presenter\Desktop\Glary_Utilities_v5.48.0.68.exe
2016-04-08 09:01 - 2016-04-08 09:03 - 00212150 _____ C:\TDSSKiller.3.1.0.9_08.04.2016_09.01.53_log.txt
2016-04-08 08:41 - 2016-04-08 08:41 - 00413984 _____ C:\TDSSKiller.3.1.0.9_08.04.2016_08.41.11_log.txt
2016-04-08 08:41 - 2016-04-08 08:41 - 00000490 _____ C:\TDSSKiller.3.1.0.9_08.04.2016_08.41.07_log.txt
2016-04-08 08:38 - 2016-04-08 08:39 - 00413878 _____ C:\TDSSKiller.3.1.0.9_08.04.2016_08.38.55_log.txt
2016-04-08 08:33 - 2016-04-08 08:35 - 00209098 _____ C:\TDSSKiller.3.1.0.9_08.04.2016_08.33.43_log.txt
2016-04-07 15:00 - 2016-06-05 21:47 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\Citrix
2016-04-07 13:21 - 2016-04-20 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shape3D X
2016-04-07 13:21 - 2016-04-07 13:21 - 00001013 _____ C:\Users\Point Presenter\Desktop\Shape3D X.lnk
2016-04-07 13:21 - 2016-04-07 13:21 - 00000000 ____D C:\ProgramData\TEMP
2016-04-07 13:21 - 2016-04-07 13:21 - 00000000 ____D C:\Program Files (x86)\Shape3d X
2016-04-07 12:48 - 2016-04-07 12:55 - 00417964 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_12.48.22_log.txt
2016-04-05 13:48 - 2016-04-05 13:48 - 00395863 _____ C:\Users\Point Presenter\Downloads\unilateral-nda.pdf
2016-04-05 11:17 - 2016-04-05 11:17 - 00000000 ____D C:\Users\Point Presenter\Downloads\bebas
2016-04-05 11:16 - 2016-04-05 11:16 - 00017278 _____ C:\Users\Point Presenter\Downloads\bebas.zip
2016-04-05 10:43 - 2016-04-05 10:43 - 04779725 _____ C:\Users\Point Presenter\Downloads\Sketches-variety-of-flowers-and-leaves-background.zip
2016-04-05 10:15 - 2016-04-05 10:15 - 00071518 _____ C:\Users\Point Presenter\Downloads\shape.psd
2016-04-05 10:02 - 2016-04-05 10:02 - 00000000 ____D C:\Users\Point Presenter\Downloads\Watercolor-mexican-skull
2016-04-05 09:54 - 2016-04-05 09:56 - 15295244 _____ C:\Users\Point Presenter\Downloads\hs-2009-25-e-full_tif.tif
2016-04-05 09:49 - 2016-04-05 09:56 - 31620070 _____ C:\Users\Point Presenter\Downloads\Watercolor-mexican-skull.zip
2016-04-05 09:47 - 2016-04-05 09:47 - 02147809 _____ C:\Users\Point Presenter\Downloads\Floral-sugar-skull.zip
2016-04-05 09:43 - 2016-04-05 09:45 - 13910688 _____ C:\Users\Point Presenter\Downloads\hs-1992-29-b-full_tif.tif
2016-04-05 07:09 - 2016-04-05 07:10 - 00210542 _____ C:\TDSSKiller.3.1.0.9_05.04.2016_07.09.27_log.txt
2016-04-04 20:24 - 2016-04-04 20:24 - 03676289 _____ C:\Users\Point Presenter\Downloads\Puzzle-infographic.zip
2016-04-04 20:24 - 2016-04-04 20:24 - 00000000 ____D C:\Users\Point Presenter\Downloads\Puzzle-infographic
2016-04-04 19:31 - 2016-04-04 19:31 - 00000000 ____D C:\Users\Point Presenter\Downloads\Global-network-science-infographic
2016-04-04 19:30 - 2016-04-04 19:30 - 01288274 _____ C:\Users\Point Presenter\Downloads\Global-network-science-infographic.zip
2016-04-04 19:28 - 2016-04-04 19:28 - 01271875 _____ C:\Users\Point Presenter\Downloads\Round-infographic-template.zip
2016-04-04 19:27 - 2016-04-04 19:29 - 08700587 _____ C:\Users\Point Presenter\Downloads\Vector-infographic-options-design.zip
2016-04-04 12:56 - 2016-04-04 12:56 - 00583779 _____ C:\Users\Point Presenter\Downloads\Product.pdf
2016-04-03 16:41 - 2016-04-03 16:41 - 00283714 _____ C:\Users\Point Presenter\Downloads\129.pdf
2016-04-03 06:27 - 2016-04-03 06:31 - 00417798 _____ C:\TDSSKiller.3.1.0.9_03.04.2016_06.27.58_log.txt
2016-04-03 06:26 - 2016-04-03 06:27 - 00006878 _____ C:\TDSSKiller.3.1.0.9_03.04.2016_06.26.35_log.txt
2016-04-02 12:02 - 2016-04-02 12:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-01 18:16 - 2016-04-01 18:16 - 00039415 _____ C:\Users\Point Presenter\Downloads\jquery.commonlibraries.js
2016-04-01 13:22 - 2016-04-01 13:22 - 00079535 _____ C:\Users\Point Presenter\Downloads\rts.wordpress.2016-04-01.xml
2016-04-01 07:11 - 2016-04-01 07:54 - 00211148 _____ C:\TDSSKiller.3.1.0.9_01.04.2016_07.11.16_log.txt
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 ____D C:\Users\Point Presenter\Desktop\Old Firefox Data
2016-03-27 16:53 - 2016-03-27 16:54 - 00415874 _____ C:\TDSSKiller.3.1.0.9_27.03.2016_16.53.38_log.txt
2016-03-27 16:51 - 2016-03-27 16:52 - 00209940 _____ C:\TDSSKiller.3.1.0.9_27.03.2016_16.51.40_log.txt
2016-03-27 16:44 - 2016-03-27 16:45 - 00209922 _____ C:\TDSSKiller.3.1.0.9_27.03.2016_16.44.41_log.txt
2016-03-27 16:41 - 2016-03-27 16:43 - 00216124 _____ C:\TDSSKiller.3.1.0.9_27.03.2016_16.41.28_log.txt
2016-03-27 16:34 - 2016-05-17 12:12 - 00000000 ____D C:\Windows\Minidump
2016-03-25 10:38 - 2016-05-26 20:03 - 00003024 _____ C:\Windows\System32\Tasks\GMHSkipUAC
2016-03-25 10:38 - 2016-05-26 20:03 - 00001218 _____ C:\Users\Public\Desktop\Malware Hunter.lnk
2016-03-25 10:38 - 2016-03-25 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-03-25 10:37 - 2016-03-25 10:37 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-03-25 09:04 - 2016-03-25 09:17 - 149262376 _____ C:\Users\Point Presenter\Desktop\mhsetup.exe
2016-03-24 18:27 - 2016-03-25 08:15 - 60413606 _____ C:\Users\Point Presenter\Documents\NICA-MOTO-16.psd
2016-03-23 17:45 - 2016-03-23 17:51 - 22851472 _____ (Malwarebytes ) C:\Users\Point Presenter\Downloads\Malwarebytes_Anti_Malware_v2.2.1.1043.exe
2016-03-23 17:45 - 2016-03-23 17:50 - 15610328 _____ C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.47.0.67.exe
2016-03-23 17:44 - 2016-03-23 17:50 - 19377344 _____ (Adobe Systems Incorporated) C:\Users\Point Presenter\Downloads\Adobe_Flash_Player_(IE)_v21.0.0.182.exe
2016-03-22 21:42 - 2016-03-22 21:45 - 15579504 _____ (McAfee Inc) C:\Users\Point Presenter\Desktop\stinger64.exe
2016-03-21 21:25 - 2016-03-21 21:26 - 00214874 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_21.25.21_log.txt
2016-03-20 14:04 - 2016-03-20 14:04 - 00000633 _____ C:\Users\Point Presenter\Desktop\DOMAINS2.txt
2016-03-19 08:57 - 2016-03-19 09:01 - 00830194 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_08.57.50_log.txt
2016-03-19 08:49 - 2016-03-19 08:50 - 00830686 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_08.49.02_log.txt
2016-03-19 07:28 - 2016-03-19 07:30 - 00210564 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_07.28.18_log.txt
2016-03-17 17:42 - 2016-05-17 22:01 - 00000033 _____ C:\Users\Point Presenter\AppData\Roaming\AdobeWLCMCache.dat
2016-03-17 07:39 - 2016-03-17 07:40 - 00417398 _____ C:\TDSSKiller.3.1.0.9_17.03.2016_07.39.23_log.txt
2016-03-17 07:27 - 2016-03-17 07:30 - 00831102 _____ C:\TDSSKiller.3.1.0.9_17.03.2016_07.27.25_log.txt
2016-03-16 08:20 - 2016-03-16 08:21 - 00214012 _____ C:\TDSSKiller.3.1.0.9_16.03.2016_08.20.26_log.txt
2016-03-11 17:08 - 2016-03-11 17:09 - 00000000 ____D C:\Users\Point Presenter\Documents\SR CASITA
2016-03-11 11:53 - 2016-03-11 11:54 - 00214016 _____ C:\TDSSKiller.3.1.0.9_11.03.2016_10.53.46_log.txt
2016-03-10 11:50 - 2016-03-10 11:50 - 00000000 ____D C:\Users\Point Presenter\Desktop\SR Casita

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 10:46 - 2016-03-03 17:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 10:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 10:44 - 2016-02-17 12:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-07 10:41 - 2016-03-03 17:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 10:40 - 2016-02-17 13:29 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA.job
2016-06-07 10:25 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-07 10:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-07 10:15 - 2016-02-19 20:13 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\Skype
2016-06-07 10:00 - 2016-02-17 12:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-07 09:56 - 2016-02-17 12:17 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-07 09:56 - 2016-02-17 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-07 09:14 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 09:14 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-06 15:40 - 2016-02-17 13:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core.job
2016-06-05 21:58 - 2013-07-31 20:36 - 00000000 ____D C:\Program Files\Windows Live
2016-06-05 21:57 - 2013-07-31 20:21 - 00000000 ____D C:\Program Files\Dell
2016-06-05 21:57 - 2013-07-31 20:20 - 00000000 ____D C:\Program Files (x86)\Dell
2016-06-05 21:56 - 2013-07-31 20:27 - 00000000 ____D C:\ProgramData\Wave Systems Corp
2016-06-05 21:56 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-06-05 21:54 - 2016-02-16 20:55 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\Creative
2016-06-05 21:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-05 21:21 - 2013-07-31 20:29 - 00000390 __RSH C:\ProgramData\ntuser.pol
2016-06-05 21:15 - 2016-02-16 20:55 - 00127376 _____ C:\Users\Point Presenter\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-05 21:15 - 2009-07-13 23:45 - 00536680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-05 21:13 - 2016-02-16 20:53 - 00000000 ____D C:\Windows\CSC
2016-06-05 21:08 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2016-06-05 21:05 - 2011-02-10 09:33 - 00772352 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-05 18:34 - 2009-07-13 21:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_993
2016-06-05 10:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2016-06-05 09:31 - 2016-02-19 11:23 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\ElevatedDiagnostics
2016-06-05 09:29 - 2016-02-17 13:02 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-05 08:59 - 2016-02-17 13:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-04 23:45 - 2016-02-17 13:08 - 00001156 _____ C:\Windows\system32\.crusader
2016-06-04 23:36 - 2016-03-04 19:57 - 00007590 _____ C:\Users\Point Presenter\AppData\Local\Resmon.ResmonCfg
2016-06-04 01:07 - 2016-02-16 22:32 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-06-04 00:59 - 2009-07-14 00:08 - 00029104 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-03 15:55 - 2016-02-17 13:20 - 00000000 ____D C:\Users\Point Presenter\Documents\VENTURES
2016-06-03 12:29 - 2016-02-17 13:19 - 00000000 ____D C:\Users\Point Presenter\Documents\CLIENTS
2016-06-02 10:46 - 2013-07-31 20:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-02 10:43 - 2013-07-31 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-02 09:07 - 2016-02-16 20:55 - 00000000 ____D C:\Users\Point Presenter\AppData\Local\VirtualStore
2016-06-02 01:03 - 2013-07-31 20:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-02 01:03 - 2013-07-31 20:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-30 09:19 - 2016-02-16 21:36 - 00000000 ____D C:\Users\Point Presenter\Documents\PointPRESENTER
2016-05-29 23:44 - 2016-03-03 17:38 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-05-29 23:44 - 2016-03-03 17:38 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-05-29 23:44 - 2016-03-03 17:38 - 00002032 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-29 23:44 - 2016-03-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-29 12:42 - 2016-02-17 12:58 - 00000000 ____D C:\Users\Point Presenter\Documents\Adobe
2016-05-29 12:42 - 2016-02-16 20:55 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\Adobe
2016-05-29 12:37 - 2016-02-16 20:55 - 00000000 ____D C:\Users\Point Presenter
2016-05-28 17:42 - 2016-02-19 20:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 17:42 - 2016-02-19 20:13 - 00000000 ____D C:\ProgramData\Skype
2016-05-26 18:56 - 2016-02-17 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-26 02:04 - 2016-02-16 20:57 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-05-23 17:22 - 2016-02-17 11:19 - 00001139 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-05-23 17:22 - 2016-02-16 23:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-20 21:57 - 2016-02-16 22:32 - 00003344 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-05-20 21:57 - 2016-02-16 22:32 - 00003004 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-05-20 21:57 - 2016-02-16 22:32 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-05-19 15:27 - 2016-02-27 11:39 - 00000000 ____D C:\SUPERDelete
2016-05-19 13:30 - 2016-02-17 12:48 - 11438608 _____ (SurfRight B.V.) C:\Users\Point Presenter\Desktop\HitmanPro_x64.exe
2016-05-13 14:43 - 2016-02-16 21:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-05-12 19:20 - 2016-02-16 22:32 - 00000000 ____D C:\Users\Point Presenter\AppData\Roaming\GlarySoft
2016-05-11 10:50 - 2016-02-16 21:29 - 04633146 _____ C:\Users\Point Presenter\Downloads\tdsskiller.zip
2016-05-10 15:36 - 2016-03-03 17:31 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 15:36 - 2016-03-03 17:31 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 15:35 - 2016-02-17 13:29 - 00003938 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA
2016-05-10 15:35 - 2016-02-17 13:29 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core
2016-05-09 11:14 - 2016-02-16 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5

==================== Files in the root of some directories =======

2016-03-17 17:42 - 2016-05-17 22:01 - 0000033 _____ () C:\Users\Point Presenter\AppData\Roaming\AdobeWLCMCache.dat
2016-06-06 11:34 - 2016-06-06 11:34 - 0001456 _____ () C:\Users\Point Presenter\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-04 19:57 - 2016-06-04 23:36 - 0007590 _____ () C:\Users\Point Presenter\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Point Presenter\AppData\Local\Temp\libeay32.dll
C:\Users\Point Presenter\AppData\Local\Temp\msvcr120.dll
C:\Users\Point Presenter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7d42fbc3-fa56-11e2-ba6e-f01faf2ec29b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7d42fbc5-fa56-11e2-ba6e-f01faf2ec29b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7d42fbc3-fa56-11e2-ba6e-f01faf2ec29b}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7d42fbc5-fa56-11e2-ba6e-f01faf2ec29b}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{7d42fbc6-fa56-11e2-ba6e-f01faf2ec29b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{7d42fbc6-fa56-11e2-ba6e-f01faf2ec29b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7d42fbc3-fa56-11e2-ba6e-f01faf2ec29b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7d42fbc6-fa56-11e2-ba6e-f01faf2ec29b}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-06-07 02:02

==================== End of FRST.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 07 June 2016 - 01:20 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 O2MDFRDR; \SystemRoot\system32\drivers\O2MDFw7x64.sys [X]
S3 O2MDRRDR; \SystemRoot\system32\drivers\O2MDRw7x64.sys [X]
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
AlternateDataStreams: C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\ATF-Cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\Glary_Utilities_v5.48.0.68.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\GoogleVoiceAndVideoSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\KVRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinata2222.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinatas.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinatas123.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\realprotect.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\stinger64.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tdsskiller2.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\unhide.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\CG_5.5.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\CreativeCloudSet-Up(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\EIE11_EN-US_WOL_WIN764.EXE:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\FileZilla_3.15.0.2_win64-setup.exe.part:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.45.0.65.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.49.0.69.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.50.0.70.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.51.0.71.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.52.0.73.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\googledrivesync.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\GoogleVoiceAndVideoSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\InstallFreeRARExtractFrog.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\mbam-setup-2.2.0.1024.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Mozilla_Firefox_(64bit)_v46.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\RivaFLVPlayerSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Skype_v7.24.0.104.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\tdsskiller.zip:BDU [1]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\WordKutools.exe:BDU [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take awhile, run it when you know you will not need the computer for an hour or two.
<<<>>>

Please post the log and let me know if the problem persists.
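The FRST listing lines above and the AlternateDataStreams lines in the fixlist follow a fixed layout. The parser below is an added example, not part of this thread or of the Farbar tool: it turns listing lines into records, counts the fixlist's ADS entries by stream name, and flags entries a helper would read first. The sample lines are copied from the log above; the triage rules are my own first-pass assumptions, not FRST's logic.

```python
import re
from collections import Counter
from dataclasses import dataclass
from os.path import splitext
from typing import Iterable, List, Optional, Tuple

# One FRST file-listing line ("One Month Created" / "Three Months Modified"):
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# "(company)" is the version-info company; it is omitted or empty "()" when the
# file has none. <attrs> is five chars: _____, ____D (dir), ____H (hidden), __RSH ...
_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# One fixlist line:  AlternateDataStreams: <path>:<stream> [<size>]
_ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\[\]]+) \[(?P<size>\d+)\]$"
)
# Triage rules below are assumptions for a first look, not verdicts.
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return a FrstEntry for a listing line; None for headers, blanks or bare paths."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return FrstEntry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=(company.strip() or None) if company is not None else None,
        path=m.group("path"),
    )


def parse_frst_lines(lines: Iterable[str]) -> List[FrstEntry]:
    return [e for e in (parse_frst_line(l) for l in lines) if e is not None]


def triage(entries: Iterable[FrstEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look; a prompt for a human, not a detection."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        ext = splitext(low)[1]
        if ext in EXEC_EXTS and any(seg in low for seg in USER_WRITABLE):
            findings.append((e.path, "executable in user-writable location"))
        if e.is_hidden:
            findings.append((e.path, "hidden attribute set"))
        if ext in EXEC_EXTS and low.startswith("c:\\windows\\") and not e.company:
            findings.append((e.path, "no company string on file in Windows directory"))
    return findings


def summarize_ads(lines: Iterable[str]) -> dict:
    """Count fixlist AlternateDataStreams lines by stream name, e.g. {'BDU': 3}."""
    counts: Counter = Counter()
    for line in lines:
        m = _ADS_RE.match(line.strip())
        if m:
            counts[m.group("stream")] += 1
    return dict(counts)


# Constructed samples: lines copied from the FRST.txt and fixlist shown in this thread.
SAMPLE = r"""
2016-05-03 12:58 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-04-23 20:45 - 2016-04-23 20:45 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Point Presenter\Desktop\tdsskiller.exe
2016-04-02 12:02 - 2016-04-02 12:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-06-05 21:21 - 2013-07-31 20:29 - 00000390 __RSH C:\ProgramData\ntuser.pol
2016-03-17 17:42 - 2016-05-17 22:01 - 0000033 _____ () C:\Users\Point Presenter\AppData\Roaming\AdobeWLCMCache.dat
2016-04-18 12:18 - 2016-04-18 12:19 - 14403136 _____ (ExtendOffice ) C:\Users\Point Presenter\Downloads\WordKutools.exe
"""
ADS_SAMPLE = r"""
AlternateDataStreams: C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\tdsskiller.zip:BDU [1]
"""
```

Feed it a whole FRST.txt with `parse_frst_lines(open(path, encoding="utf-8", errors="replace"))`; section headers and the bare TEMP paths are skipped automatically.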

#5 insidesjds

insidesjds
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:28 PM

Posted 07 June 2016 - 02:08 PM

Hi, something strange happened: after opening FRST, before I could click on the "Fix" button, the program closed and reopened very quickly and a folder appeared on the desktop named "FRST-OlderVersion". Is this normal? I attached a screenshot as well.

 

 

FRST ///////////////////////////////

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by Point Presenter (2016-06-07 13:56:48) Run:1
Running from C:\Users\Point Presenter\Desktop
Loaded Profiles: Point Presenter (Available Profiles: Point Presenter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 O2MDFRDR; \SystemRoot\system32\drivers\O2MDFw7x64.sys [X]
S3 O2MDRRDR; \SystemRoot\system32\drivers\O2MDRw7x64.sys [X]
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
AlternateDataStreams: C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\ATF-Cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\Glary_Utilities_v5.48.0.68.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\GoogleVoiceAndVideoSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\KVRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinata2222.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinatas.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\pinatas123.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\realprotect.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\stinger64.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tdsskiller2.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Desktop\unhide.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\CG_5.5.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\CreativeCloudSet-Up(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\EIE11_EN-US_WOL_WIN764.EXE:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\FileZilla_3.15.0.2_win64-setup.exe.part:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.45.0.65.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.49.0.69.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.50.0.70.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.51.0.71.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.52.0.73.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\googledrivesync.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\GoogleVoiceAndVideoSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\InstallFreeRARExtractFrog.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\mbam-setup-2.2.0.1024.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Mozilla_Firefox_(64bit)_v46.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\RivaFLVPlayerSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\Skype_v7.24.0.104.exe:BDU [0]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\tdsskiller.zip:BDU [1]
AlternateDataStreams: C:\Users\Point Presenter\Downloads\WordKutools.exe:BDU [0]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
O2MDFRDR => service removed successfully
O2MDRRDR => service removed successfully
"HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
C:\Users\Point Presenter\Desktop\adwcleaner_5.119.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\ATF-Cleaner.exe => ":BDU" ADS removed successfully.
"C:\Users\Point Presenter\Desktop\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Point Presenter\Desktop\Glary_Utilities_v5.48.0.68.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\GoogleVoiceAndVideoSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\KVRT.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\mbam-setup-2.2.1.1043.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\pinata2222.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\pinatas.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\pinatas123.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\realprotect.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\rkill.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\stinger64.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\tdsskiller.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\tdsskiller2.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\tweaking.com_windows_repair_aio_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Desktop\unhide.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\CG_5.5.1.3.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\CreativeCloudSet-Up(1).exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\EIE11_EN-US_WOL_WIN764.EXE => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\FileZilla_3.15.0.2_win64-setup.exe.part => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.45.0.65.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.49.0.69.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.50.0.70.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.51.0.71.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Glary_Utilities_v5.52.0.73.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\googledrivesync.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\GoogleVoiceAndVideoSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\InstallFreeRARExtractFrog.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\mbam-setup-2.2.0.1024.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Mozilla_Firefox_(64bit)_v46.0.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\RivaFLVPlayerSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\SkypeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\Skype_v7.24.0.104.exe => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\tdsskiller.zip => ":BDU" ADS removed successfully.
C:\Users\Point Presenter\Downloads\WordKutools.exe => ":BDU" ADS removed successfully.
EmptyTemp: => 274.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:57:02 ====


#6 nasdaq (Malware Response Team)

Posted 08 June 2016 - 05:59 AM

Delete the folder FRST-OlderVersion; it's obsolete.

How is the computer running now?

#7 insidesjds (Topic Starter)

Posted 08 June 2016 - 07:08 AM

It's running better than it has in a year. Still not convinced that the issue is resolved.



#8 nasdaq (Malware Response Team)

Posted 08 June 2016 - 08:47 AM

Download and run the free SUPERAntiSpyware Version 6.0
http://www.superantispyware.com/

Post the log for my review.
==

p.s.
On your C:\ drive I see many logs created by the TDSSKiller tool, similar to this one:
C:\TDSSKiller.3.1.0.9_16.03.2016_08.20.26_log.txt
If they still exist, delete them.

===

#9 insidesjds (Topic Starter)

Posted 08 June 2016 - 09:57 AM

Ok, I deleted the logs and here are the scan results. Normally I get 500 or so results; this time it looks much smaller, 50 or so.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2016 at 09:56 AM

Application Version : 6.0.1220
Database Version : 12743

Scan type       : Complete Scan
Total Scan Time : 00:05:51

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 735
Memory threats detected   : 0
Registry items scanned    : 61302
Registry threats detected : 0
File items scanned        : 38872
File threats detected     : 54

Adware.Tracking Cookie

============
 End of Log
============

#10 nasdaq (Malware Response Team)

Posted 09 June 2016 - 06:26 AM

Have you seen any indication that the infection is persisting?

Post any message that may help identify the culprit.

#11 insidesjds (Topic Starter)

Posted 09 June 2016 - 10:42 AM

Thanks for your help.

When running a SuperAntiSpyware scan, "Adware.JavaCore/NoDNS" showed up, but before it could be removed the computer shut down/restarted. Also, some anti-virus software that I download always seems to be an older, obsolete version of the software I was trying to download; see screenshot.

My other computer has had a keyboard error at the very start-up, and I'm unable to navigate the BIOS.

I get this issue on both computers...

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/05/2016 09:31:10 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Nicole\AppData\Local\Temp\{0A02F6B9-59BF-48A9-8F25-6DB981B4A2B2}\{29D222B1-E1B9-4D63-BAE1-515BC66FFEFE}.exe (PID: 3872) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/05/2016 09:31:51 PM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)

#12 insidesjds (Topic Starter)

Posted 09 June 2016 - 10:47 AM

Here's a scan result from the other computer; these two machines seem to experience similar symptoms.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2016
Ran by Nicole (2016-06-07 10:20:24)
Running from C:\Users\Nicole\Desktop
Windows 8.1 (X64) (2016-06-05 14:51:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2211793518-886193739-2000919548-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2211793518-886193739-2000919548-501 - Limited - Disabled)
Nicole (S-1-5-21-2211793518-886193739-2000919548-1001 - Administrator - Enabled) => C:\Users\Nicole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{EE691BD9-2B2C-6BFB-6389-ABAF5AD2A4A1}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Glary Utilities 5.52 (HKLM-x32\...\Glary Utilities 5) (Version: 5.52.0.73 - Glarysoft Ltd)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
Mediatek Bluetooth Stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.743.0 - Mediatek)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x64 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.34.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29069 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02528827-8F82-4E16-8294-2CC0E842719D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {1B40A6A7-38C3-4F2C-85F3-04EF01694B8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {2A4E8CD6-82AD-4AD7-90FC-764AFA8A434C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-29] (Glarysoft Ltd)
Task: {38BB59D0-F5FD-4957-A360-B4701258C759} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {39297DFA-C86F-4D4B-9D7E-947FBE7A2421} - System32\Tasks\SUPERAntiSpyware Scheduled Task 799cb663-4e6d-4694-a5d1-ca5af510b280 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {457D834D-1BCD-4E78-83DE-6C7C9069DBE9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4A703F29-6EE2-4928-A20A-0302601B1C99} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {740D1085-5366-4408-85CD-3162C125D8E9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8FE7C14E-9C37-4EA5-8979-2F12B7E04461} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-29] (Glarysoft Ltd)
Task: {9237BCC2-1656-4A1C-B8CB-65997E48C070} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2013-08-28] ()
Task: {A5FECCC5-B514-4572-B45E-B21E5FCA8898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {AF9C4DF5-5D95-44A9-81BA-2F82FFAEF4B6} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {B89CD636-F183-4EA6-A78D-7C4AE2C5CE2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {C15B1368-1498-4CA5-B524-34A333C11068} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {C281F69D-0BB3-4A38-8090-C692C752FA32} - System32\Tasks\SUPERAntiSpyware Scheduled Task 8f8601eb-67d9-412e-bded-6791163ac356 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {D6A3A52D-FD1D-408C-8967-3F857FD4B568} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {D6D25B84-84C4-49C6-BF68-47E8FD63A950} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-2211793518-886193739-2000919548-500 -> No File <==== ATTENTION
Task: {F39E39BD-3B7A-4CC0-9E22-B82AD80741F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 799cb663-4e6d-4694-a5d1-ca5af510b280.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8f8601eb-67d9-412e-bded-6791163ac356.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-26 12:34 - 2013-09-26 12:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-26 12:28 - 2013-09-26 12:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2015-07-03 07:02 - 2015-07-03 07:02 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-06-07 10:11 - 2016-06-07 10:12 - 03677248 _____ () C:\Users\Nicole\Desktop\AdwCleaner.exe
2014-05-12 21:23 - 2013-08-05 01:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-05-29 19:17 - 2016-05-29 19:17 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nicole\Desktop\ATF-Cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Glary_Utilities_v5.52.0.73.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Mozilla_Firefox_(64bit)_v46.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas123.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\realprotect.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tdsskiller2.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\unhide.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01120175.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01120175.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2016-06-05 20:33 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2211793518-886193739-2000919548-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\Pictures\Family Shots\IMG_3029.JPG
DNS Servers: 172.30.10.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1E871547-213B-4832-B785-EE2998D67164}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{B986D49A-AA0C-4FE0-85FD-E6B573FAA9D5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5BF4319F-E06F-4564-8CDA-ADBC57420AE2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BA5924C6-FE56-4D69-B55B-43788A5CE9FE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{EB62F6FC-10F5-4DDA-8EC9-91B1053B50D9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{19070157-0FA0-4FC7-9EBD-C7BEE7A3A26A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{3EB052A2-3005-4D9F-AE80-21AB60BB218A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E005E361-D1C9-40EA-AFA9-58E566A5FECE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{550252D4-17F2-4FE4-BAC8-3182FDDD5B32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CD34CEE2-08B6-4B57-99D8-822AF7732D13}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{151B4845-F8F2-4C4F-BAE9-D8A03A815AD2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{76F2966B-C2AA-41E1-870B-4B2D9E1DDF68}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{66A9B157-F0F5-4E70-A387-451061C93BFD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{FAAC2B26-37BA-49EB-BEAF-15B0955DC084}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B424747-7B03-4BAC-AA88-A03D8CAD6D0A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFA8E3BB-FA55-4007-9D31-7CCD79CA7919}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE6BF007-4CA8-4C56-9799-965476A88AF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4ED79660-E531-424C-ACF3-1B83F46F40FB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2771F5F4-1A76-4E68-AB4E-38D1FA821616}] => (Allow) LPort=2869
FirewallRules: [{DC29F3CC-6786-4970-BBCB-3C19B66B5248}] => (Allow) LPort=1900
FirewallRules: [{94B0D489-4A97-4C03-9215-18D345CB4A42}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{325C166E-23A1-423F-9D77-3F9924DE0067}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B7C5CF59-64C6-484D-B01E-32BD689B0E6A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3A0FD879-36CE-4804-8A63-25972623DDBC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

05-06-2016 16:44:53 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ralink Bluetooth Adapter
Description: Ralink Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Technology, Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2016 07:58:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.54, time stamp: 0x5244620d
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5244608b
Exception code: 0xc0000005
Fault offset: 0x000000000002fef7
Faulting process id: 0x850
Faulting application start time: 0xHPSmplPass.exe0
Faulting application path: HPSmplPass.exe1
Faulting module path: HPSmplPass.exe2
Report Id: HPSmplPass.exe3
Faulting package full name: HPSmplPass.exe4
Faulting package-relative application ID: HPSmplPass.exe5

Error: (06/06/2016 03:22:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.54, time stamp: 0x5244620d
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x5244608b
Exception code: 0xc0000005
Fault offset: 0x000000000002fef7
Faulting process id: 0x10fc
Faulting application start time: 0xHPSmplPass.exe0
Faulting application path: HPSmplPass.exe1
Faulting module path: HPSmplPass.exe2
Report Id: HPSmplPass.exe3
Faulting package full name: HPSmplPass.exe4
Faulting package-relative application ID: HPSmplPass.exe5

Error: (06/06/2016 12:03:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1578

Error: (06/06/2016 12:03:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1578

Error: (06/06/2016 12:03:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2016 08:55:14 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/06/2016 08:54:14 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/06/2016 08:53:14 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/06/2016 08:52:14 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (06/06/2016 08:51:14 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (06/07/2016 09:23:45 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer POINTPRESENTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CBF4416E-DBA5-47C4-8602-BD15980C1F64}.
The master browser is stopping or an election is being forced.

Error: (06/07/2016 09:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error:
%%1053

Error: (06/07/2016 09:19:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

Error: (06/07/2016 09:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Personal Firewall Service service failed to start due to the following error:
%%1053

Error: (06/07/2016 09:19:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.

Error: (06/07/2016 09:14:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (06/07/2016 09:14:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (06/07/2016 09:14:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (06/07/2016 09:14:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (06/07/2016 09:14:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
  Date: 2016-06-07 07:56:32.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-06 15:08:07.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-06 08:38:17.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-06 08:34:33.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-06 08:27:11.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-05 21:02:28.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-05 19:34:49.446
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-05 19:29:03.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 7637.78 MB
Available physical RAM: 4644.03 MB
Total Virtual: 8037.78 MB
Available Virtual: 5173.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.03 GB) (Free:812.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:16 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 18B43057)

Partition: GPT.

==================== End of Addition.txt ============================



#13 insidesjds

insidesjds
  • Topic Starter

  • Members
  • 21 posts

Posted 09 June 2016 - 11:04 AM

Also a while back I did get signs of this one...

 

Trojan Artemis



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 June 2016 - 07:12 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-2211793518-886193739-2000919548-500 -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Nicole\Desktop\ATF-Cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Glary_Utilities_v5.52.0.73.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Mozilla_Firefox_(64bit)_v46.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas123.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\realprotect.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tdsskiller2.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\unhide.exe:BDU
C:\Users\Nicole\AppData\Local\Temp\{0A02F6B9-59BF-48A9-8F25-6DB981B4A2B2}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

After the normal restart run the Rkill tool and include the log in your next reply.

#15 insidesjds

insidesjds
  • Topic Starter

  • Members
  • 21 posts

Posted 10 June 2016 - 08:06 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by Point Presenter (2016-06-10 07:59:35) Run:2
Running from C:\Users\Point Presenter\Desktop
Loaded Profiles: Point Presenter (Available Profiles: Point Presenter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-2211793518-886193739-2000919548-500 -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Nicole\Desktop\ATF-Cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Glary_Utilities_v5.52.0.73.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\Mozilla_Firefox_(64bit)_v46.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\pinatas123.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\realprotect.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tdsskiller2.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Nicole\Desktop\unhide.exe:BDU
C:\Users\Nicole\AppData\Local\Temp\{0A02F6B9-59BF-48A9-8F25-6DB981B4A2B2}

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAACBF0E-C97C-4213-A287-7757FD6FA500} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2211793518-886193739-2000919548-500 => key not found.
"C:\Users\Nicole\Desktop\ATF-Cleaner.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\Glary_Utilities_v5.52.0.73.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\JRT.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\mbam-setup-2.2.1.1043.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\Mozilla_Firefox_(64bit)_v46.0.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\pinatas.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\pinatas123.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\realprotect.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\rkill.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\SUPERAntiSpyware.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\tdsskiller2.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\tweaking.com_windows_repair_aio_setup.exe" => ":BDU" ADS not found.
"C:\Users\Nicole\Desktop\unhide.exe" => "AlternateDataStreams: C:\Users\Nicole\Desktop\unhide.exe:BDU" ADS not found.
"C:\Users\Nicole\AppData\Local\Temp\{0A02F6B9-59BF-48A9-8F25-6DB981B4A2B2}" => not found.
EmptyTemp: => 704.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:59:51 ====





