
Multiple Windows Computers trying to logon to my router at different times



#1 NoVirusJoe

Posted 15 June 2016 - 11:17 AM

I am having a very similar problem to the user in this post:  http://www.bleepingcomputer.com/forums/t/614741/windows-7-computer-is-trying-to-logon-to-my-router/

 

However, I am experiencing these multiple failed logins from different computers in my house, at different times. Each time it is the same pattern of 3 dozen or so logins with different usernames, all at about the same time. I have 2 Win7 computers that attempt these logins, and 1 Win8.1 that also does it. I also have a Win10 system (new) that does not do this. I came to this conclusion from the originating IP addresses.

 

When the logins happen, they appear to be in a burst, and a given computer will only attempt these logins every 36 hours or so. My router log is also peppered with DoS attack messages which appear to be from TWC DNS servers (?). Not sure if this is related or not.  

 

I have a new Netgear C7000 router, and I'm new to TWC. I have run Avast anti-virus, Spybot, Malwarebytes, and TDSSKiller; all report clean. Also interestingly enough, although these logins go on in the background they do not appear to affect my network performance at all.

 

From Googling some of the weird login names (e.g. TMARDLKT93319) I found the other user's post with the same behavior on this forum. I also found a Python script called RouterHunterBR that apparently tries various router login user/pass combos looking for vulnerabilities.  Here is a link to this script:  https://github.com/jh00nbr/Routerhunter-2.0/blob/master/routerhunter.py   I don't know if a variant of this script could be involved in my problem.

 

I have attached an excerpt from my router log, as well as both logs from FRST64. I would greatly appreciate any help you could provide. Thank you in advance.

 

----------- ROUTER LOG EXCERPT -----------------

 

[user login failure] from source 192.168.1.11 1 Tue Jun 14 19:43:22 2016 0.0.0.0:0 192.168.1.11:0
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.62, port 53 1 Tue Jun 14 19:37:56 2016 76.94.202.15:49645 209.18.47.62:53
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.62, port 53 1 Tue Jun 14 19:34:50 2016 76.94.202.15:63196 209.18.47.62:53
[DHCP IP: 192.168.1.14] to MAC address 2c:9e:fc:86:ed:73 1 Tue Jun 14 19:34:17 2016 0.0.0.0:0 0.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.61, port 53 1 Tue Jun 14 19:30:39 2016 76.94.202.15:54665 209.18.47.61:53
[user login failure] from source 192.168.1.11 3 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[sysadm login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[support login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[smc login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[root login failure] from source 192.168.1.11 3 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[manager login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[login login failure] from source 192.168.1.11 3 Tue Jun 14 18:47:19 2016 0.0.0.0:0 192.168.1.11:0
[customer login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[cusadmin login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[comcast login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[ADSL login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[DXDSL login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[ZXDSL login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[TMARDLKT93319 login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[admin login failure] from source 192.168.1.11 25 Tue Jun 14 18:47:18 2016 0.0.0.0:0 192.168.1.11:0
[admin2 login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[admim login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[adm login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[ login failure] from source 192.168.1.11 5 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[Username login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[User login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[Administrator login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[Admin login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[root login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:16 2016 0.0.0.0:0 192.168.1.11:0
[administrator login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:15 2016 0.0.0.0:0 192.168.1.11:0
[Administrator login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:15 2016 0.0.0.0:0 192.168.1.11:0
[Admin login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:15 2016 0.0.0.0:0 192.168.1.11:0
[ login failure] from source 192.168.1.11 1 Tue Jun 14 18:47:15 2016 0.0.0.0:0 192.168.1.11:0
[admin login failure] from source 192.168.1.11 2 Tue Jun 14 18:47:15 2016 0.0.0.0:0 192.168.1.11:0
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.62, port 53 1 Tue Jun 14 18:47:06 2016 76.94.202.15:61346 209.18.47.62:53
[DoS attack: SYN Flood] from 107.6.77.98, port 80 1 Tue Jun 14 18:39:27 2016 192.168.1.17:54372 107.6.77.98:80
[DoS attack: SYN Flood] from 162.248.16.30, port 80 1 Tue Jun 14 18:39:17 2016 192.168.1.17:54271 162.248.16.30:80
 
---------------------------- FRST.txt --------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
Ran by Ben (administrator) on TANAGRA (15-06-2016 08:45:54)
Running from C:\Users\Ben\Downloads\BleepingComputer
Loaded Profiles: Ben (Available Profiles: Ben & Cynde & Avicka & Keyth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-04-19] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2770944 2016-05-07] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\MountPoints2: {0ed09d1a-c5a4-11e2-b2e6-782bcb941e2a} - G:\PortaStore.exe
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-05-10] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-03]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-03]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{67E51CC1-1563-4066-9399-46A7539A8D48}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E97F04AE-A847-4E62-9E6D-EEA95B12D165}: [NameServer] 77.234.40.79
 
Internet Explorer:
==================
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2016-05-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-05-10] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\2u6e3jh4.default-1448390260118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3214213031-1856194109-730637721-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-05-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Atari - Lunar Lander) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2015-06-16]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-04]
CHR Extension: (Avast SafePrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Space Invaders) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghegbciicdkchepaicdacaakfgjgjkdm [2015-06-16]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]
StartMenuInternet: Google Chrome.JQYLSHKYCPN5EZQKRGRNCQUTOE - C:\Users\Avicka\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [370656 2016-05-10] (AVAST Software)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 PonoMusic World 20 Service; C:\Program Files (x86)\J River\PonoMusic World 20\JRService.exe [399664 2015-08-20] (JRiver, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-11] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [33792 2010-06-03] (Hauppauge Computer Works, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-15] (CACE Technologies, Inc.)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-12-29] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-15 08:34 - 2016-06-15 08:45 - 00000000 ____D C:\Users\Ben\Downloads\BleepingComputer
2016-06-15 00:12 - 2016-06-15 08:45 - 00000000 ____D C:\FRST
2016-06-14 19:43 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-14 19:43 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 19:43 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-14 19:43 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 19:43 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-14 19:43 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 19:43 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 19:43 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-14 19:43 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 19:43 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-14 19:43 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-14 19:43 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-14 19:43 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-14 19:43 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-14 19:43 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-14 19:43 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 19:43 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 19:43 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 19:43 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-14 19:43 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-14 19:43 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 19:42 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 19:42 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-14 19:42 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 19:42 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 19:42 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-14 19:42 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-14 19:42 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-14 19:42 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-14 19:42 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 19:42 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-14 19:42 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-14 19:42 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 19:42 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-14 19:42 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 19:42 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-14 19:42 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-14 19:42 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-14 19:42 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-14 19:42 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-14 19:42 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-14 19:42 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 19:42 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-14 19:42 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-14 19:42 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-14 19:42 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-14 19:42 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 19:42 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-14 19:42 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-14 19:42 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-14 19:42 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-14 19:42 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 19:42 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-14 19:42 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 19:42 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-14 19:42 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 19:42 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-14 19:42 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-14 19:42 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 19:42 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-14 19:42 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-14 19:42 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-14 19:42 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 19:42 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-14 19:42 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 19:42 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 19:42 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 19:42 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 19:42 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-14 19:42 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 19:42 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 19:42 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 19:42 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-14 19:42 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-14 19:42 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 19:42 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 19:42 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 19:42 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 19:42 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 19:42 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 19:42 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 21:45 - 2016-06-11 21:52 - 00000151 _____ C:\Users\Ben\Documents\ArrisModem.txt
2016-06-11 21:12 - 2016-06-11 21:12 - 00227338 _____ C:\Users\Ben\Downloads\Arris_DG1670A_AWG_Modem_Router.pdf
2016-06-11 16:37 - 2016-06-11 16:39 - 00208696 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.37.02_log.txt
2016-06-11 16:25 - 2016-06-15 08:22 - 00476936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-11 12:06 - 2016-06-11 12:06 - 00131808 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 11:58 - 2016-06-11 11:58 - 00018186 _____ C:\Users\Ben\Documents\cc_20160611_115812.reg
2016-06-11 11:38 - 2016-06-11 11:38 - 06893008 _____ (Piriform Ltd) C:\Users\Ben\Downloads\ccsetup518.exe
2016-06-10 08:34 - 2016-06-10 08:34 - 02854758 _____ C:\Users\Ben\Downloads\gccc36_1nl.pdf
2016-06-07 21:26 - 2016-06-07 21:26 - 11351885 _____ C:\Users\Ben\Downloads\fios-qgr-userguide140925.pdf
2016-05-27 23:00 - 2016-05-27 23:00 - 00000140 _____ C:\Users\Ben\Documents\GambobLimeric.txt
2016-05-25 19:46 - 2016-05-25 19:46 - 25430664 _____ (J. River, Inc.) C:\Users\Ben\Downloads\PonoMusicWorld.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-15 08:46 - 2016-01-19 19:49 - 00000000 ____D C:\Users\Ben\AppData\Roaming\KeePass
2016-06-15 08:37 - 2015-02-03 20:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-15 08:36 - 2015-10-14 18:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-15 08:34 - 2009-07-13 21:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 08:34 - 2009-07-13 21:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 08:30 - 2009-07-13 22:13 - 00753288 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 08:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-15 08:29 - 2011-06-24 20:55 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
2016-06-15 08:28 - 2015-02-03 20:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 08:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 01:00 - 2013-08-14 00:14 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 00:54 - 2011-06-14 18:50 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 23:39 - 2016-02-21 16:13 - 00000000 ____D C:\Users\Ben\Downloads\Axanar
2016-06-14 22:16 - 2015-03-20 18:24 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-06-14 21:57 - 2011-06-14 22:53 - 00000000 ___HD C:\lviewpro
2016-06-14 08:26 - 2016-05-05 22:48 - 00000000 ____D C:\Users\Ben\Documents\db
2016-06-11 16:41 - 2011-06-14 17:05 - 00000000 ____D C:\Users\Ben\AppData\Local\VirtualStore
2016-06-11 11:41 - 2015-05-30 15:21 - 00000788 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-10 18:52 - 2014-04-10 20:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 22:57 - 2016-05-15 18:03 - 00002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-06-09 22:57 - 2016-05-15 18:03 - 00002050 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2016-06-09 22:57 - 2016-03-16 23:01 - 00001224 _____ C:\Users\Ben\Desktop\Paint.lnk
2016-06-09 22:57 - 2016-03-02 23:15 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-09 22:57 - 2016-03-02 23:15 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-09 22:57 - 2016-01-19 19:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-06-09 22:57 - 2016-01-19 19:20 - 00001111 _____ C:\Users\Ben\Desktop\KeePass 2.lnk
2016-06-09 22:57 - 2015-11-21 00:23 - 00001320 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-06-09 22:57 - 2015-11-07 12:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-09 22:57 - 2015-11-07 12:08 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-09 22:57 - 2015-09-20 10:34 - 00001854 _____ C:\Users\Ben\Desktop\My Printer.lnk
2016-06-09 22:57 - 2015-08-14 11:32 - 00002101 _____ C:\Users\Ben\Desktop\MP Navigator EX 5.0.lnk
2016-06-09 22:57 - 2015-07-03 20:59 - 00001036 _____ C:\Users\Public\Desktop\IntelliJ IDEA Community Edition 14.1.4.lnk
2016-06-09 22:57 - 2015-03-20 18:24 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-09 22:57 - 2015-02-14 16:27 - 00002105 _____ C:\Users\Public\Desktop\PonoMusic World 20.lnk
2016-06-09 22:57 - 2015-02-03 20:45 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-09 22:57 - 2015-02-03 20:45 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 22:57 - 2015-01-30 16:45 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-09 22:57 - 2015-01-30 16:45 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-09 22:57 - 2014-11-22 15:50 - 00001937 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-06-09 22:57 - 2014-10-26 13:49 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-09 22:57 - 2014-10-26 13:49 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-09 22:57 - 2014-04-10 20:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-09 22:57 - 2014-03-14 20:17 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-09 22:57 - 2014-01-06 22:07 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-06-09 22:57 - 2013-08-04 12:31 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-09 22:57 - 2012-10-02 22:51 - 00002075 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2016-06-09 22:57 - 2012-10-02 22:50 - 00002340 _____ C:\Users\Public\Desktop\Canon MG6200 series On-screen Manual.lnk
2016-06-09 22:57 - 2012-09-16 15:03 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-06-09 22:57 - 2012-07-28 13:18 - 00002200 _____ C:\Users\Public\Desktop\Play Jewel Quest II.lnk
2016-06-09 22:57 - 2012-07-01 12:25 - 00001598 _____ C:\Users\Ben\Desktop\DISK STATION.lnk
2016-06-09 22:57 - 2012-02-16 00:35 - 00000855 _____ C:\Users\Ben\Desktop\eclipse.exe - Shortcut.lnk
2016-06-09 22:57 - 2011-10-14 15:28 - 00000983 _____ C:\Users\Public\Desktop\Beyond Compare 3.lnk
2016-06-09 22:57 - 2011-10-08 18:52 - 00001160 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2016-06-09 22:57 - 2011-08-09 22:10 - 00000351 _____ C:\Users\Ben\Desktop\Network - Shortcut.lnk
2016-06-09 22:57 - 2011-08-01 21:51 - 00002090 _____ C:\Users\Public\Desktop\I SPY Spooky Mansion Deluxe.lnk
2016-06-09 22:57 - 2011-06-24 20:46 - 00003011 _____ C:\Users\Ben\Desktop\Microsoft Outlook 2010.lnk
2016-06-09 22:57 - 2011-06-16 22:24 - 00001311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-06-09 22:57 - 2011-06-16 22:23 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-06-09 22:57 - 2011-06-16 13:36 - 00000596 _____ C:\Users\Ben\Desktop\JDev.lnk
2016-06-09 22:57 - 2011-06-14 22:04 - 00000953 _____ C:\Users\Ben\Desktop\Ben.lnk
2016-06-09 22:57 - 2011-06-14 20:49 - 00001448 _____ C:\Users\Ben\Desktop\Command Prompt.lnk
2016-06-09 22:57 - 2011-06-14 20:48 - 00000967 _____ C:\Users\Public\Desktop\Programmer's Notepad.lnk
2016-06-09 22:57 - 2011-06-14 17:05 - 00001395 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-09 22:57 - 2011-05-26 18:38 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-09 22:57 - 2011-05-26 18:38 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-09 22:57 - 2011-05-26 17:00 - 00002144 _____ C:\Users\Public\Desktop\Roxio Creator Starter.lnk
2016-06-09 22:57 - 2011-05-26 16:53 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2016-06-09 22:57 - 2009-07-13 22:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-06-09 22:57 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-06-09 22:57 - 2009-07-13 21:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-09 22:22 - 2014-04-10 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-09 22:22 - 2014-04-10 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 21:29 - 2013-05-21 12:06 - 00000000 ____D C:\Users\Ben\AppData\Local\NETGEARGenie
2016-06-05 13:07 - 2012-07-08 13:26 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-01 19:05 - 2014-10-26 13:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-28 16:29 - 2011-09-01 09:03 - 00131808 _____ C:\Users\Avicka\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2015-12-31 00:23 - 2015-12-31 00:23 - 0001476 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-19 15:41 - 2011-06-19 15:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-09-30 16:38 - 2012-09-30 16:38 - 0000343 _____ () C:\ProgramData\lxed.log
2011-09-15 16:45 - 2012-02-24 10:10 - 0000923 _____ () C:\ProgramData\lxedDiagnostics.log
2011-06-19 15:48 - 2012-09-29 22:30 - 0132552 _____ () C:\ProgramData\lxedJSW.log
2011-06-19 15:39 - 2012-09-30 16:38 - 0086814 _____ () C:\ProgramData\lxedscan.log
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-02-03 00:11 - 2016-02-10 22:30 - 0001415 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-05-11 16:18 - 2012-05-11 16:18 - 1637508 _____ () C:\ProgramData\SPL301A.tmp
2011-12-18 00:45 - 2011-12-18 00:45 - 32492537 _____ () C:\ProgramData\SPL953F.tmp
2011-11-10 18:45 - 2011-11-10 18:45 - 0145666 _____ () C:\ProgramData\SPLFF55.tmp
2011-06-19 15:38 - 2011-06-19 15:38 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Avicka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cynde\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Cynde\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 20:59
 
==================== End of FRST.txt ============================


#2 HelpBot


Posted 20 June 2016 - 11:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/617402 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 NoVirusJoe

  • Topic Starter

Posted 20 June 2016 - 10:04 PM

Thank you HelpBot for letting me know I haven't been forgotten!

 

I will try to make my problem description more clear. In summary I believe I have two different problems, I am unsure if they are related.

 

==========> PROBLEM #1: I have 4 different desktop computers in my house. 2xWin7, 1xWin8.1, and 1xWin10. At different times of day, the 2xWin7 computers, and the 1xWin8.1 computer, attempt to login to my router using a combination of different usernames (and presumably passwords). The Win10 computer does not exhibit this behavior, but it is new and may not have been affected yet by whatever is causing this problem. Each time a given computer performs these logins (approximately every 24-26 hours), it performs roughly three dozen logins, and it is always the identical pattern of usernames.

 

Obviously debugging this problem on different computers will be a lot of work, so my hope is to focus on one computer, my primary computer. If we can get to the bottom of this problem there, I am hoping we can apply the same solution to the other systems, since the behavior is identical in each case. 

 

What is particularly interesting is the pattern of usernames, which are always in the same order:

 

- user
- sysadm
- support
- smc
- root
- manager

etc.

 

Rather than cutting/pasting my router log, which loses formatting and is hard to read, I have attached a screenshot, FailedRouterLoginsBen.jpg, which should be easier to read. If you look at the screenshot, there are many other curious usernames (ASDL, DXDSL, TMARDLKT93319) that are attempted. It even tries username " " (yes a blank) and it tries it 5 times. When it gets to user admin, it tries 25 times. Always the same pattern of behavior, which makes me wonder if it's some type of diagnostic tool. It seems like if something was really trying to break in it would vary the frequency, number of attempts, and usernames. But that's just a theory on my part. This is why I mentioned the RouterHunterBR script that I found, it's almost like it's something like this that's running in the background or something.

 

==========> PROBLEM #2: Semi-continuous DoS attacks on my router from different IP addresses. Sometimes it is the TWC DNS servers, which makes no sense to me. But there is a suspicious setting that might have something to do with this. I have a Netgear C7000-100NAS. On the WAN Setup page, there is a checkbox setting "Disable port scan and DoS Protection". This came new with the setting checked, meaning that this was disabled. I did some research, and found people indicating that this should definitely be un-checked - meaning I do not want to disable this protection. (I hate the confusing double-negative wording with these settings!!) But I am wondering if this setting is somehow not working properly, and causing "fake" DoS attack warnings. I have attached two more screenshots, illustrating the DoS attacks (DoSAttacks.jpg) and the settings (DoS-Settings.jpg).

 

 

I have spent numerous hours Googling these problems and really am stumped about how to proceed. Your help will be sincerely appreciated, thank you.

 

Per HelpBot's request, I acquired a fresh copy of FRST64.exe and re-ran it. Output of FRST.txt is below, and I have attached Addition.txt per the instructions.

 

========================= START OF FRST.txt =======================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by Ben (administrator) on TANAGRA (20-06-2016 19:50:33)
Running from C:\Users\Ben\Downloads\BleepingComputer
Loaded Profiles: Ben (Available Profiles: Ben & Cynde & Avicka & Keyth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-04-19] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2770944 2016-05-07] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\MountPoints2: {0ed09d1a-c5a4-11e2-b2e6-782bcb941e2a} - G:\PortaStore.exe
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-05-10] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-03]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-03]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{67E51CC1-1563-4066-9399-46A7539A8D48}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E97F04AE-A847-4E62-9E6D-EEA95B12D165}: [NameServer] 77.234.40.79
 
Internet Explorer:
==================
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2016-05-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-05-10] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\2u6e3jh4.default-1448390260118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3214213031-1856194109-730637721-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-05-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Atari - Lunar Lander) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2015-06-16]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-04]
CHR Extension: (Avast SafePrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Space Invaders) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghegbciicdkchepaicdacaakfgjgjkdm [2015-06-16]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]
StartMenuInternet: Google Chrome.JQYLSHKYCPN5EZQKRGRNCQUTOE - C:\Users\Avicka\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [370656 2016-05-10] (AVAST Software)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 PonoMusic World 20 Service; C:\Program Files (x86)\J River\PonoMusic World 20\JRService.exe [399664 2015-08-20] (JRiver, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-11] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [33792 2010-06-03] (Hauppauge Computer Works, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-15] (CACE Technologies, Inc.)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-12-29] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 18:05 - 2016-06-19 18:05 - 10196965 _____ C:\Users\Ben\Downloads\Paramount_Pictures_Corporation_v_Axanar_Productions_Inc_et_al__cacdce-15-09938__0026.0.pdf
2016-06-16 20:26 - 2016-06-16 20:26 - 27831432 _____ C:\Users\Ben\Downloads\fuu_-win-mg6200-2_2-ea7.exe
2016-06-16 20:22 - 2016-06-16 20:22 - 18615880 _____ C:\Users\Ben\Downloads\mp68-win-mg6200-1_02-ejs.exe
2016-06-16 20:22 - 2016-06-16 20:22 - 16526928 _____ C:\Users\Ben\Downloads\xp68-win-mg6200-5_56a-ejs.exe
2016-06-15 21:43 - 2016-06-15 22:03 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Wireshark
2016-06-15 21:41 - 2016-06-15 21:41 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-06-15 21:41 - 2016-06-15 21:41 - 00001740 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-06-15 21:40 - 2016-06-15 21:41 - 00000000 ____D C:\Program Files\Wireshark
2016-06-15 21:40 - 2016-06-15 21:40 - 00001593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-06-15 21:32 - 2016-06-15 21:33 - 47578216 _____ (Wireshark development team) C:\Users\Ben\Downloads\Wireshark-win64-2.0.4.exe
2016-06-15 17:18 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 17:18 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 08:34 - 2016-06-20 19:50 - 00000000 ____D C:\Users\Ben\Downloads\BleepingComputer
2016-06-15 00:12 - 2016-06-20 19:50 - 00000000 ____D C:\FRST
2016-06-14 19:43 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-12-31 00:23 - 2015-12-31 00:23 - 0001476 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-19 15:41 - 2011-06-19 15:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-09-30 16:38 - 2012-09-30 16:38 - 0000343 _____ () C:\ProgramData\lxed.log
2011-09-15 16:45 - 2012-02-24 10:10 - 0000923 _____ () C:\ProgramData\lxedDiagnostics.log
2011-06-19 15:48 - 2012-09-29 22:30 - 0132552 _____ () C:\ProgramData\lxedJSW.log
2011-06-19 15:39 - 2012-09-30 16:38 - 0086814 _____ () C:\ProgramData\lxedscan.log
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-02-03 00:11 - 2016-02-10 22:30 - 0001415 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-05-11 16:18 - 2012-05-11 16:18 - 1637508 _____ () C:\ProgramData\SPL301A.tmp
2011-12-18 00:45 - 2011-12-18 00:45 - 32492537 _____ () C:\ProgramData\SPL953F.tmp
2011-11-10 18:45 - 2011-11-10 18:45 - 0145666 _____ () C:\ProgramData\SPLFF55.tmp
2011-06-19 15:38 - 2011-06-19 15:38 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Avicka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cynde\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Cynde\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 10:35
 
==================== End of FRST.txt ============================

Attached files: FailedRouterLoginsBen.jpg, DosAttacks.jpg, DoS-Settings.jpg, Addition.txt

 



#4 Oh My!

  • Malware Response Instructor
Posted 22 June 2016 - 01:37 PM

Greetings NoVirusJoe and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search & Destroy

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
C:\ProgramData\Best Buy pc app
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin HKU\S-1-5-21-3214213031-1856194109-730637721-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-05-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
CHR Extension: (Avast SafePrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-31]
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
2012-05-11 16:18 - 2012-05-11 16:18 - 1637508 _____ () C:\ProgramData\SPL301A.tmp
2011-12-18 00:45 - 2011-12-18 00:45 - 32492537 _____ () C:\ProgramData\SPL953F.tmp
2011-11-10 18:45 - 2011-11-10 18:45 - 0145666 _____ () C:\ProgramData\SPLFF55.tmp
C:\Users\Avicka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cynde\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Cynde\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Adware Removal Tool by TSA

--------------------
  • Download Adware Removal Tool and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Select Yes, I agree
  • Click Scan
  • If objects are found click OK
  • Review the log and uncheck any items you want to keep (somewhat uncommon)
  • Click Clean
  • If requested click OK to close any open browsers
  • Click OK after the cleaning process has Successfully Finished
  • Click Save this Result and save the file onto your Desktop as ART.txt
  • Confirm the file was successfully saved
  • Click Finished then close the browser that will open
  • Copy and paste ART.txt in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Copy and paste the following after the Command Prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • Press the Windows key + R on your keyboard at the same time
  • Type powershell.exe and press Enter
  • Copy and paste the following after the Command Prompt and press Enter

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

  • A document named CHKDSKResults.txt will be created on your Desktop
  • Copy and paste the contents of the document in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Program uninstall?
  • Fixlog
  • Adware Removal Tool report
  • AdwCleaner report
  • chkdsk information
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 NoVirusJoe


Posted 23 June 2016 - 12:17 AM

Hi Gary,

 

My name is Ben. Thank you so very much for your help!!!

 

I tried to follow your instructions to the letter, but I ran into a couple of issues. Here is a brief summary of everything you wanted me to do:

 

1) Program Uninstall?  -  Spybot successfully uninstalled

2) Fixlog.txt - copy and pasted below

3) Adware Removal Tool Report - copy and pasted below

4) AdwCleaner Report - copy and pasted below

5) Chkdsk /r - this is where things went south. I copy/pasted the command:

 

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

 

into an administrator command prompt, and I got an immediate popup: "Windows will shutdown in less than a minute". Which it did (I looked carefully for any error messages from the command, there were none). PC rebooted normally, I logged in, and waited. I am familiar with chkdsk, but unfamiliar with running it this way. It seems like it skipped the chkdsk and just went right to the SHUTDOWN command. Please let me know if I should run the chkdsk command on its own instead or if I did something else wrong.

 

I continued with the instructions, using powershell, but got an error running the powershell command. I took a screenshot, which appears like a syntax error. I thought I was very careful copy/pasting the command, perhaps I made a mistake? I have attached the screenshot to this reply. (Attached file: powershell-error.jpg)

 

6) System Summary - zipped and attached to this reply. (Attached file: Summary.zip)

 

7) Update on computer behavior - I just completed the above steps, but I will be watchful for changes.

 

As I originally reported, I actually had 2 problems:

 

(1) Multiple logins to my router from different computers - still happening, although it's been over 24 hours since this happened on my computer (my son's computer just did a few minutes ago, but I hope you'll agree it's best to work on one computer at a time!)

 

(2) DoS attacks - greatly reduced, but this is maybe something I did. I apologize, but before I heard from you, last night I selected the setting "Disable Port Scan and DoS Protection" in my router screen (restoring this setting to factory default), and this seems to have eliminated most of the "fake" DoS attacks from IPs like my ISP DNS servers. I did this because my Netgear router C7000 as well as other similar Netgear routers do not implement this feature well, something I learned from several different groups. I am still getting "teardrop" DoS attacks and a few others, but they are greatly reduced. If you want me to put my router back how it was when I reported this, I will do so.

 

Other than the DoS setting on the router, I haven't changed any settings on my computer or the other computers, and won't change anything else until I hear from you.

 

THANK YOU AGAIN GARY FOR YOUR HELP!!! 

 

============ fixlog.txt =================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Ben (2016-06-22 20:27:41) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Cynde & Avicka & Keyth)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
C:\ProgramData\Best Buy pc app
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3214213031-1856194109-730637721-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-11-04] (Best Buy)
FF Plugin HKU\S-1-5-21-3214213031-1856194109-730637721-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-05-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
CHR Extension: (Avast SafePrice) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-31]
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
2012-05-11 16:18 - 2012-05-11 16:18 - 1637508 _____ () C:\ProgramData\SPL301A.tmp
2011-12-18 00:45 - 2011-12-18 00:45 - 32492537 _____ () C:\ProgramData\SPL953F.tmp
2011-11-10 18:45 - 2011-11-10 18:45 - 0145666 _____ () C:\ProgramData\SPLFF55.tmp
C:\Users\Avicka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cynde\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Cynde\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
C:\ProgramData\Best Buy pc app => moved successfully
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => key removed successfully
"C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => key removed successfully
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll => not found.
"HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin" => key removed successfully
C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
 
"C:\Program Files\Alwil Software\Avast5\WebRep\FF" folder move:
 
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\FF" => Scheduled to move on reboot.
 
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
 
"C:\Program Files\Alwil Software\Avast5\SafePrice\FF" folder move:
 
Could not move "C:\Program Files\Alwil Software\Avast5\SafePrice\FF" => Scheduled to move on reboot.
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
AvastVBoxSvc => service could not remove
VBoxAswDrv => service could not remove
C:\ProgramData\SPL301A.tmp => moved successfully
C:\ProgramData\SPL953F.tmp => moved successfully
C:\ProgramData\SPLFF55.tmp => moved successfully
C:\Users\Avicka\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Cynde\AppData\Local\Temp\InstallPlugin.exe => moved successfully
C:\Users\Cynde\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => moved successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-22 20:31:48)
 
"C:\Program Files\Alwil Software\Avast5\WebRep\FF" => Could not move
"C:\Program Files\Alwil Software\Avast5\SafePrice\FF" => Could not move
 
==== End of Fixlog 20:31:49 ====
 
 
============ ART.txt ===============
 
[-] Deleted ->> File ->> C:\Program Files (x86)\Synology\Assistant\ffmpeg\qt-faststart.exe
 
============ AdwCleaner[C1].txt ==============
 
# AdwCleaner v5.200 - Logfile created 22/06/2016 at 20:50:38
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-22.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ben - TANAGRA
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\GamesBar
[-] Folder Deleted : C:\Users\Ben\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Ben\AppData\Roaming\iWin
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Avicka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Avicka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1125 bytes] - [22/06/2016 20:50:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [1158 bytes] - [22/06/2016 20:47:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1271 bytes] ##########
 

 



#6 Oh My!


Posted 23 June 2016 - 08:39 AM

Hi Ben,

Thanks for the detailed work on your part and the explanation.
 

"Please let me know if I should run the chkdsk command on its own instead or if I did something else wrong."

No, you didn't do anything wrong and yes run chkdsk the way you are familiar with.


Gary
 

#7 NoVirusJoe


Posted 24 June 2016 - 10:50 AM

Hi Gary,

 

Sorry if my reply is a bit tardy - I ran the chkdsk /r command last night - and it took over 6 hours to complete!

 

I didn't see anything alarming as it was running, but upon reboot, I tried the powershell command again to get the log, and got the same syntax error that I posted a screenshot of in my last post. Here is the error, copy/pasted from the powershell window. I tried making the window wider, in case there was some kind of problem with a misplaced line break, but the same error occurs:

 

PS C:\Users\Ben> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match "wininit"} |
 fl timecreated, message | out-file Desktop\CHKDSKResults.txt
Unexpected token 'match' in expression or statement.
At line:1 char:91
+ get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match <<<<  "wininit"} | fl time
created, message | out-file Desktop\CHKDSKResults.txt
    + CategoryInfo          : ParserError: (match:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
 
Unfortunately I'm not familiar with powershell. Is there a different command you'd like me to try to get the chkdsk log?
 
Thanks again for your help!
Ben
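
The parser error quoted in the post above comes from the comparison operator: PowerShell operators begin with a dash, so `match` has to be written `-match`. The corrected command below is an added example, not part of the original thread; like the posted command, it assumes the boot-time chkdsk report is Application-log event 1001 from a provider whose name contains "wininit", and it writes to the Desktop by full path.

```powershell
# Added example (not from the thread): corrected version of the posted command.
# Assumption carried over from the posted command: the boot-time chkdsk report is
# Application-log event 1001 from a provider whose name contains "wininit".

# Resolve the Desktop by full path so the result does not depend on the
# directory PowerShell happened to start in.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'CHKDSKResults.txt'

# Get-WinEvent writes an error when the filter matches nothing, so suppress it
# and test for an empty result instead.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'wininit' })   # -match, with the leading dash

if ($events.Count -gt 0) {
    # Newest report first; a wide output keeps long chkdsk lines from being cut off.
    $events |
        Sort-Object TimeCreated -Descending |
        Format-List TimeCreated, Message |
        Out-File -FilePath $outFile -Width 200
} else {
    'No Wininit event 1001 found in the Application log.' | Out-File -FilePath $outFile
}

Write-Output "Saved $($events.Count) chkdsk report(s) to $outFile"
```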


#8 Oh My!


Posted 24 June 2016 - 10:54 AM

Hi Ben,

Not tardy at all.

I will have to check that command again. We can do it this way.

===================================================

CHKDSK /R Event Viewer logs

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • On the left side double click Windows logs to expand it
  • Left click on Application
  • Under Actions on the right side click Filter Current Log...
  • In Event Level: check Critical and Warning
  • In Event Sources click the down arrow then check the following:

Chkdsk
Wininit
Winlogon

  • Click the down arrow again to close the drop down list
  • Click OK
  • Click Save Filtered Log File As...
  • Save the file on your Desktop as EventVwr
  • If necessary simply click OK on the Display Information window
  • Upload the EventVwr file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded Event Viewer log

Gary
 

#9 NoVirusJoe


Posted 24 June 2016 - 11:07 AM

Hi Gary,

 

Thanks for the super-quick response! I obtained the event viewer log as requested, and posted it to the malware sample link as per your post.

 

Thanks!

Ben



#10 Oh My!


Posted 24 June 2016 - 11:11 AM

Thanks Ben, the report looks good.

Can you update me on computer/internet activity behavior?
Gary
 

#11 NoVirusJoe


Posted 24 June 2016 - 11:24 AM

Hi Gary,

 

Wow! First rate service! I greatly appreciate your prompt responses.

 

Unfortunately the failed router logins are still happening from my computer to the router. Here is another screenshot from my router logs. For reference, my PC name is Tanagra, my IP is 192.168.1.11. (Attached file: FailedRouterLoginsBen2.jpg)

 

Some things to keep in mind:

 

- My router login time is one hour behind, presumably due to an incorrect daylight savings time setting (I live in CA, so while the logs says 23:40 for example, it's really 00:40). I can't for the life of me figure out how to set the router's time, so I'm learning to live with it.

 

- Based on the time this happened, this must have been just after the chkdsk command completed and my computer rebooted. I was already asleep when this happened.

 

- The failed logins are still exhibiting the identical behavior as previously. Note the admin login near the bottom of the screenshot - this particular one is always performed 25 times in a row (the value in the second column). In each case, it is the same sequence of usernames, and the same number of attempts.

 

- I prefer screenshots since I find them easier to read (nicely formatted table), but if you'd prefer cut/paste, I can do that, although the output is uglier (IMHO).

 

Thank you again for your prompt attention, Gary!

 

Ben

 

 



#12 Oh My!


Posted 24 June 2016 - 11:43 AM

Thanks, we aim to please!

We need to do some more digging.

Please do these things.

===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Run a fresh FRST scan with Addition.txt checked and post both logs.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • RogueKiller log
  • aswMBR log
  • FRST reports (2)

Gary
 

#13 NoVirusJoe


Posted 25 June 2016 - 12:15 AM

Hi Gary,

 

Well, it appears we are getting into the dark side now. (please forgive my drama, but I'm in unknown territory here)

 

1) ComboFix - the first time I ran this, it seemed to be okay, but I got some weird popups at the end, for example: "Warning! Unable to create a backup of the current registry file C:\Windows\system32\config\SOFTWARE ! continue restoration of this file? YES/NO"  I decided to click NO, and got several more popups like this, and clicked NO each time. Then at the end the report indicated that I had Windows Defender enabled (I always forget about this one) SO, I disabled Windows Defender, and my Avast, and ran it again, this time without the popups. I rebooted and re-enabled AVAST and Windows Defender afterwards. The log is below. I also have the log from the first failed attempt, please let me know if you want that one.

 

2) RogueKiller - this did not go quite according to your instructions, but it seemed intuitive enough. It found 6 threats, but your instructions did not indicate what I should do about this. So I thought it best if I stopped here. I have attached screenshots of the threat summary screen (attached file: RK-summary.jpg) as well as a report JSON screen (attached file: RK-report.jpg). I have also copy/pasted the report below.

 

Sorry I didn't go further - I just want to be sure where we are, if I should fix the threats from RogueKiller or continue. I haven't run the aswMBR step yet, I'll await your go-ahead.

 

Thanks Gary for your help!!

 

 

====================== ComboFix.txt =======================================

 

 

ComboFix 16-06-01.01 - Ben 06/24/2016  20:53:33.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.6506 [GMT -7:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-05-25 to 2016-06-25  )))))))))))))))))))))))))))))))
.
.
2016-06-25 04:03 . 2016-06-25 04:03 -------- d-----w- c:\users\Keyth\AppData\Local\temp
2016-06-25 04:03 . 2016-06-25 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-25 04:03 . 2016-06-25 04:03 -------- d-----w- c:\users\Cynde\AppData\Local\temp
2016-06-25 04:03 . 2016-06-25 04:03 -------- d-----w- c:\users\Avicka\AppData\Local\temp
2016-06-25 01:06 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FAB024E-6884-44E9-BBEA-EE164A3892A1}\mpengine.dll
2016-06-23 03:47 . 2016-06-23 03:55 -------- d-----w- C:\AdwCleaner
2016-06-23 03:36 . 2016-06-23 03:36 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-06-23 03:36 . 2016-06-23 03:36 -------- d-----w- c:\program files (x86)\Adware Removal Tool by TSA
2016-06-16 04:43 . 2016-06-16 05:03 -------- d-----w- c:\users\Ben\AppData\Roaming\Wireshark
2016-06-16 04:40 . 2016-06-16 04:41 -------- d-----w- c:\program files\Wireshark
2016-06-16 00:18 . 2016-05-18 16:10 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-06-16 00:18 . 2016-05-18 16:09 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-06-15 07:12 . 2016-06-23 03:31 -------- d-----w- C:\FRST
2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-17 05:36 . 2012-04-04 22:27 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-06-17 05:36 . 2011-06-18 07:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-15 07:54 . 2011-06-15 01:50 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-14 02:31 . 2011-06-15 00:25 484008 ------w- c:\windows\system32\MpSigStub.exe
2016-06-11 01:52 . 2014-04-11 03:20 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-16 01:03 . 2013-05-21 19:06 369168 ----a-w- c:\windows\system32\wpcap.dll
2016-05-16 01:03 . 2013-05-21 19:06 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2016-05-16 01:03 . 2013-05-21 19:06 106000 ----a-w- c:\windows\system32\packet.dll
2016-05-11 06:17 . 2016-05-11 06:17 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-11 06:17 . 2014-05-03 03:10 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-11 06:17 . 2014-01-03 16:10 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-11 06:17 . 2013-03-16 22:29 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-11 06:17 . 2013-03-16 22:29 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-11 06:17 . 2012-03-25 20:06 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-11 06:17 . 2011-06-15 03:13 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-11 06:17 . 2011-06-15 03:12 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-11 06:17 . 2016-05-11 06:17 52184 ----a-w- c:\windows\avastSS.scr
2016-05-11 06:16 . 2016-03-03 06:14 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-11 06:16 . 2011-06-15 03:12 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-11 06:16 . 2016-05-11 06:16 28312 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2016-05-11 06:16 . 2016-02-12 03:38 536312 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2016-04-14 13:49 . 2016-05-11 02:47 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-04-14 13:21 . 2016-05-11 02:47 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-04-09 07:02 . 2016-05-11 02:46 631176 ----a-w- c:\windows\system32\winresume.efi
2016-04-09 07:01 . 2016-05-11 02:46 706280 ----a-w- c:\windows\system32\winload.efi
2016-04-09 07:01 . 2016-05-11 02:46 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-09 07:01 . 2016-05-11 02:47 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-09 07:01 . 2016-05-11 02:47 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-04-09 06:59 . 2016-05-11 02:46 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59 . 2016-05-11 02:46 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59 . 2016-05-11 02:46 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-04-09 06:58 . 2016-05-11 02:46 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-04-09 06:58 . 2016-05-11 02:46 243712 ----a-w- c:\windows\system32\wow64.dll
2016-04-09 06:58 . 2016-05-11 02:46 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-04-09 06:58 . 2016-05-11 02:46 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-09 06:58 . 2016-05-11 02:46 503808 ----a-w- c:\windows\system32\srcore.dll
2016-04-09 06:58 . 2016-05-11 02:46 50176 ----a-w- c:\windows\system32\srclient.dll
2016-04-09 06:58 . 2016-05-11 02:46 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-04-09 06:57 . 2016-05-11 02:46 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-04-09 06:57 . 2016-05-11 02:46 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-04-09 06:57 . 2016-05-11 02:46 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-04-09 06:57 . 2016-05-11 02:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-04-09 06:57 . 2016-05-11 02:47 144384 ----a-w- c:\windows\system32\cdd.dll
2016-04-09 06:57 . 2016-05-11 02:46 880640 ----a-w- c:\windows\system32\advapi32.dll
2016-04-09 06:57 . 2016-05-11 02:46 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-04-09 06:57 . 2016-05-11 02:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 59904 ----a-w- c:\windows\system32\appidapi.dll
2016-04-09 06:57 . 2016-05-11 02:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 34816 ----a-w- c:\windows\system32\appidsvc.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-04-09 06:54 . 2016-05-11 02:46 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-04-09 06:54 . 2016-05-11 02:46 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-04-09 06:54 . 2016-05-11 02:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-04-09 06:54 . 2016-05-11 02:46 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2016-04-09 06:54 . 2016-05-11 02:46 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-04-09 06:54 . 2016-05-11 02:46 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-04-09 06:54 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-01 8722136]
"f.lux"="c:\users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2016-03-09 611584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-06-10 7405752]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-16 452016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"ProductUpdater"="c:\program files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [2016-04-19 75264]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2016-05-07 2770944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"InstantBurn"=c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
"BDRegion"=c:\program files (x86)\Cyberlink\Shared Files\brs.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"<NO NAME>"=
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 PonoMusic World 20 Service;PonoMusic World 20 Service;c:\program files (x86)\J River\PonoMusic World 20\JRService.exe;c:\program files (x86)\J River\PonoMusic World 20\JRService.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe;c:\program files\Alwil Software\Avast5\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-17 23:38 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:36]
.
2016-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 04:10]
.
2016-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 04:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-11 06:17 920784 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E97F04AE-A847-4E62-9E6D-EEA95B12D165}: NameServer = 77.234.40.79
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\2u6e3jh4.default-1448390260118\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Best Buy pc app - c:\programdata\{4B62EC4D-2A7F-43B3-85D9-7E90DFD2694A}\Best Buy pc app Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-06-24  21:05:24
ComboFix-quarantined-files.txt  2016-06-25 04:05
ComboFix2.txt  2016-06-25 03:39
.
Pre-Run: 715,957,592,064 bytes free
Post-Run: 715,619,115,008 bytes free
.
- - End Of File - - A1C5A85DCA902DD67E397DD962C95153
A36C5E4F47E84449FF07ED3517B43A31
 
 
====================== RogueKiller log ================================
 
RogueKiller V12.3.5.0 [Jun 22 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ben [Administrator]
Started from : C:\Users\Ben\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/24/2016 21:39:54
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AvastVBoxSvc ("C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe") -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxAswDrv (\??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31500341AS ATA Device +++++
--- User ---
[MBR] 25556700d2ed9faebf239a1147845f27
[BSP] 3bb64745850212c01e431ad4d890e53b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1416796 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2901600256 | Size: 14001 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 25556700d2ed9faebf239a1147845f27
[BSP] 3bb64745850212c01e431ad4d890e53b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1416796 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2901600256 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 25556700d2ed9faebf239a1147845f27
[BSP] 3bb64745850212c01e431ad4d890e53b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1416796 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2901600256 | Size: 14001 MB[Invalid]
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 


#14 Oh My!

Posted 25 June 2016 - 12:56 PM

Greetings Ben,

Thank you for adjusting to the RogueKiller steps. It looks like they have changed the program and I will update my instructions accordingly.

I would like you to post the first Combofix report if you could please.

Please complete the aswMBR steps and then we will go from there.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 NoVirusJoe

Posted 25 June 2016 - 08:43 PM

Hello Again Gary,
 
Thank you for your continued diligence and patience working with me on this problem!
 
Below please find:
 
1) The first Combofix report, run with Avast Internet Security disabled but Windows Defender enabled.
 
2) aswMBR log - a couple of notes here:
 
- I had my Avast Internet Security disabled, and Windows Defender disabled
- When I ran aswMBR, it did not ask to download Avast antivirus engine defs. Perhaps because I already have Avast Internet Security? Maybe it used its defs?
- This looks like a slightly newer version of the program than the screen shots posted, there is an option box at the bottom (default Quick Scan) and there are other scan options. I ran with Quick Scan.
- I have saved the MBR.dat file, per directions
 
3) Per your most recent request for logs, I ran FRST again, and have copy/pasted the FRST.txt log, and attached Addition.txt
 
An update on computer performance: My computer performed the failed router logins again this afternoon, before I ran the above scans. It looks like the router logins correspond to the time I booted my computer. Also, I know it's not yet time to talk about other computers in the house, but my daughter has been away for the past week. She turned her computer on today, and her computer did the router login attempts as well, at roughly the time she booted her computer - same pattern, same usernames and number of attempts. Maybe this thing is running each time an "infected" computer is booted? I hadn't considered this previously. I will ask others in the house to log each time they boot their computer and see if there is a correspondence with the failed router logins in the router log.
 
Let me know if you would like more router screen shots of the logins. They are pretty much the same thing. It seems though that this thing is kind of dumb. Always trying the same usernames, in the same order, and the same number of times per username. It really almost seems like a drone or something, not very smart. It just keeps pecking away. I shudder to think what would happen though if it actually logged in to the router. Maybe it's just looking for some people that don't ever change their router's login info.
 
I so appreciate your help, Gary. THANK YOU!
 
====================== ComboFix1.txt =======================================
 
ComboFix 16-06-01.01 - Ben 06/24/2016  20:12:58.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.6418 [GMT -7:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\SafeZone Installer\installer.exe . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2016-05-25 to 2016-06-25  )))))))))))))))))))))))))))))))
.
.
2016-06-25 03:20 . 2016-06-25 03:20 -------- d-----w- c:\users\Keyth\AppData\Local\temp
2016-06-25 03:20 . 2016-06-25 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-25 01:06 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FAB024E-6884-44E9-BBEA-EE164A3892A1}\mpengine.dll
2016-06-23 03:47 . 2016-06-23 03:55 -------- d-----w- C:\AdwCleaner
2016-06-23 03:36 . 2016-06-23 03:36 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-06-23 03:36 . 2016-06-23 03:36 -------- d-----w- c:\program files (x86)\Adware Removal Tool by TSA
2016-06-16 04:43 . 2016-06-16 05:03 -------- d-----w- c:\users\Ben\AppData\Roaming\Wireshark
2016-06-16 04:40 . 2016-06-16 04:41 -------- d-----w- c:\program files\Wireshark
2016-06-16 00:18 . 2016-05-18 16:10 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-06-16 00:18 . 2016-05-18 16:09 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-06-15 07:12 . 2016-06-23 03:31 -------- d-----w- C:\FRST
2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-17 05:36 . 2012-04-04 22:27 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-06-17 05:36 . 2011-06-18 07:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-15 07:54 . 2011-06-15 01:50 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-14 02:31 . 2011-06-15 00:25 484008 ------w- c:\windows\system32\MpSigStub.exe
2016-06-11 01:52 . 2014-04-11 03:20 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-16 01:03 . 2013-05-21 19:06 369168 ----a-w- c:\windows\system32\wpcap.dll
2016-05-16 01:03 . 2013-05-21 19:06 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2016-05-16 01:03 . 2013-05-21 19:06 106000 ----a-w- c:\windows\system32\packet.dll
2016-05-11 06:17 . 2016-05-11 06:17 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-11 06:17 . 2014-05-03 03:10 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-11 06:17 . 2014-01-03 16:10 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-11 06:17 . 2013-03-16 22:29 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-11 06:17 . 2013-03-16 22:29 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-11 06:17 . 2012-03-25 20:06 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-11 06:17 . 2011-06-15 03:13 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-11 06:17 . 2011-06-15 03:12 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-11 06:17 . 2016-05-11 06:17 52184 ----a-w- c:\windows\avastSS.scr
2016-05-11 06:16 . 2016-03-03 06:14 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-11 06:16 . 2011-06-15 03:12 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-11 06:16 . 2016-05-11 06:16 28312 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2016-05-11 06:16 . 2016-02-12 03:38 536312 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2016-04-14 13:49 . 2016-05-11 02:47 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-04-14 13:21 . 2016-05-11 02:47 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-04-09 07:02 . 2016-05-11 02:46 631176 ----a-w- c:\windows\system32\winresume.efi
2016-04-09 07:01 . 2016-05-11 02:46 706280 ----a-w- c:\windows\system32\winload.efi
2016-04-09 07:01 . 2016-05-11 02:46 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-09 07:01 . 2016-05-11 02:47 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-09 07:01 . 2016-05-11 02:47 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-04-09 06:59 . 2016-05-11 02:46 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59 . 2016-05-11 02:46 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59 . 2016-05-11 02:46 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-04-09 06:58 . 2016-05-11 02:46 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-04-09 06:58 . 2016-05-11 02:46 243712 ----a-w- c:\windows\system32\wow64.dll
2016-04-09 06:58 . 2016-05-11 02:46 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-04-09 06:58 . 2016-05-11 02:46 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-09 06:58 . 2016-05-11 02:46 503808 ----a-w- c:\windows\system32\srcore.dll
2016-04-09 06:58 . 2016-05-11 02:46 50176 ----a-w- c:\windows\system32\srclient.dll
2016-04-09 06:58 . 2016-05-11 02:46 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-04-09 06:57 . 2016-05-11 02:46 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-04-09 06:57 . 2016-05-11 02:46 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-04-09 06:57 . 2016-05-11 02:46 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-04-09 06:57 . 2016-05-11 02:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-04-09 06:57 . 2016-05-11 02:47 144384 ----a-w- c:\windows\system32\cdd.dll
2016-04-09 06:57 . 2016-05-11 02:46 880640 ----a-w- c:\windows\system32\advapi32.dll
2016-04-09 06:57 . 2016-05-11 02:46 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-04-09 06:57 . 2016-05-11 02:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 59904 ----a-w- c:\windows\system32\appidapi.dll
2016-04-09 06:57 . 2016-05-11 02:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 34816 ----a-w- c:\windows\system32\appidsvc.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-09 06:57 . 2016-05-11 02:46 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-04-09 06:54 . 2016-05-11 02:46 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-04-09 06:54 . 2016-05-11 02:46 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-04-09 06:54 . 2016-05-11 02:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-04-09 06:54 . 2016-05-11 02:46 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2016-04-09 06:54 . 2016-05-11 02:46 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-04-09 06:54 . 2016-05-11 02:46 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-04-09 06:54 . 2016-05-11 02:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2016-04-09 06:54 . 2016-05-11 02:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-01 8722136]
"f.lux"="c:\users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2016-03-09 611584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-06-10 7405752]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-16 452016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"ProductUpdater"="c:\program files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [2016-04-19 75264]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2016-05-07 2770944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"InstantBurn"=c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
"BDRegion"=c:\program files (x86)\Cyberlink\Shared Files\brs.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"<NO NAME>"=
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 PonoMusic World 20 Service;PonoMusic World 20 Service;c:\program files (x86)\J River\PonoMusic World 20\JRService.exe;c:\program files (x86)\J River\PonoMusic World 20\JRService.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe;c:\program files\Alwil Software\Avast5\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-17 23:38 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:36]
.
2016-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 04:10]
.
2016-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 04:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-11 06:17 920784 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E97F04AE-A847-4E62-9E6D-EEA95B12D165}: NameServer = 77.234.40.79
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\2u6e3jh4.default-1448390260118\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Best Buy pc app - c:\programdata\{4B62EC4D-2A7F-43B3-85D9-7E90DFD2694A}\Best Buy pc app Setup.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{4B62EC4D-2A7F-43B3-85D9-7E90DFD2694A}\Best Buy pc app Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2016-06-24  20:39:22 - machine was rebooted
ComboFix-quarantined-files.txt  2016-06-25 03:39
.
Pre-Run: 716,210,757,632 bytes free
Post-Run: 715,831,263,232 bytes free
.
- - End Of File - - B303C2EA47064D88A3F954B02C970553
A36C5E4F47E84449FF07ED3517B43A31
 
 

====================== aswMBR.txt =======================================
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-06-25 17:48:51
-----------------------------
17:48:51.216    OS Version: Windows x64 6.1.7601 Service Pack 1
17:48:51.216    Number of processors: 8 586 0x2A07
17:48:51.216    ComputerName: TANAGRA  UserName: Ben
17:48:53.057    Initialize success
17:48:53.088    VM: initialized successfully
17:48:53.088    VM: Intel CPU supported virtualized 
17:49:04.267    VM: supported disk I/O ataport.SYS
17:49:06.076    AVAST engine defs: 16062501
17:49:28.805    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:49:28.805    Disk 0 Vendor: ST31500341AS CC4G Size: 1430799MB BusType: 11
17:49:28.883    VM: Disk 0 MBR read successfully
17:49:28.883    Disk 0 MBR scan
17:49:28.883    Disk 0 Windows 7 default MBR code
17:49:28.883    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      1416796 MB offset 2048
17:49:28.899    Disk 0 default boot code
17:49:28.930    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14001 MB offset 2901600256
17:49:28.961    Disk 0 scanning C:\Windows\system32\drivers
17:49:38.711    Service scanning
17:49:55.294    Modules scanning
17:49:55.294    Disk 0 trace - called modules:
17:49:55.310    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:49:55.310    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b91790]
17:49:55.325    3 CLASSPNP.SYS[fffff8800194d43f] -> nt!IofCallDriver -> [0xfffffa8007950520]
17:49:55.325    5 ACPI.sys[fffff88000f897a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077bd1f0]
17:50:00.364    AVAST engine scan C:\Windows
17:50:05.403    AVAST engine scan C:\Windows\system32
17:52:33.479    AVAST engine scan C:\Windows\system32\drivers
17:52:47.987    AVAST engine scan C:\Users\Ben
17:55:44.204    AVAST engine scan C:\ProgramData
18:04:43.061    Disk 0 statistics 4650507/0/18 @ 3.04 MB/s
18:04:43.061    Scan finished successfully
18:05:18.800    Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
18:05:18.800    The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"
 
 

======================= FRST.txt =======================================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Ben (administrator) on TANAGRA (25-06-2016 18:13:50)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Cynde & Avicka & Keyth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-04-19] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2770944 2016-05-07] (Dominik Reichl)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-05-10] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{67E51CC1-1563-4066-9399-46A7539A8D48}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E97F04AE-A847-4E62-9E6D-EEA95B12D165}: [NameServer] 77.234.40.79
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2016-05-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-05-10] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\2u6e3jh4.default-1448390260118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Atari - Lunar Lander) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2015-06-16]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-04]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Space Invaders) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghegbciicdkchepaicdacaakfgjgjkdm [2015-06-16]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-21]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Video Downloader professional) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]
StartMenuInternet: Google Chrome.JQYLSHKYCPN5EZQKRGRNCQUTOE - C:\Users\Avicka\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [370656 2016-05-10] (AVAST Software)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 PonoMusic World 20 Service; C:\Program Files (x86)\J River\PonoMusic World 20\JRService.exe [399664 2015-08-20] (JRiver, Inc.)
S3 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-11] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [33792 2010-06-03] (Hauppauge Computer Works, Inc.)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-12-29] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-24] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 18:13 - 2016-06-25 18:14 - 00021084 _____ C:\Users\Ben\Desktop\FRST.txt
2016-06-25 18:05 - 2016-06-25 18:05 - 00002186 _____ C:\Users\Ben\Desktop\aswMBR.txt
2016-06-25 18:05 - 2016-06-25 18:05 - 00000512 _____ C:\Users\Ben\Desktop\MBR.dat
2016-06-25 16:39 - 2016-06-25 16:39 - 05198336 _____ (AVAST Software) C:\Users\Ben\Desktop\aswMBR.exe
2016-06-24 23:20 - 2016-06-24 23:35 - 00746719 _____ C:\Users\Ben\Documents\WalkLikeAGiant.pptx
2016-06-24 21:18 - 2016-06-24 21:18 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-24 21:17 - 2016-06-24 21:50 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-24 20:10 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-24 20:10 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-24 20:10 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-24 20:10 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-24 20:10 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-24 20:10 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-24 20:10 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-24 20:10 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-24 20:09 - 2016-06-24 21:05 - 00000000 ____D C:\Qoobox
2016-06-24 20:09 - 2016-06-24 20:37 - 00000000 ____D C:\Windows\erdnt
2016-06-24 10:27 - 2016-06-24 23:49 - 00000873 _____ C:\Users\Ben\Desktop\TrekReaction.txt
2016-06-22 20:47 - 2016-06-22 20:55 - 00000000 ____D C:\AdwCleaner
2016-06-22 20:36 - 2016-06-22 20:36 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-06-22 20:36 - 2016-06-22 20:36 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-22 20:00 - 2016-06-22 20:00 - 00000085 _____ C:\Windows\wininit.ini
2016-06-19 18:05 - 2016-06-19 18:05 - 10196965 _____ C:\Users\Ben\Downloads\Paramount_Pictures_Corporation_v_Axanar_Productions_Inc_et_al__cacdce-15-09938__0026.0.pdf
2016-06-16 20:26 - 2016-06-16 20:26 - 27831432 _____ C:\Users\Ben\Downloads\fuu_-win-mg6200-2_2-ea7.exe
2016-06-16 20:22 - 2016-06-16 20:22 - 18615880 _____ C:\Users\Ben\Downloads\mp68-win-mg6200-1_02-ejs.exe
2016-06-16 20:22 - 2016-06-16 20:22 - 16526928 _____ C:\Users\Ben\Downloads\xp68-win-mg6200-5_56a-ejs.exe
2016-06-15 21:43 - 2016-06-15 22:03 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Wireshark
2016-06-15 21:41 - 2016-06-15 21:41 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-06-15 21:41 - 2016-06-15 21:41 - 00001740 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-06-15 21:40 - 2016-06-15 21:41 - 00000000 ____D C:\Program Files\Wireshark
2016-06-15 21:40 - 2016-06-15 21:40 - 00001593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-06-15 21:32 - 2016-06-15 21:33 - 47578216 _____ (Wireshark development team) C:\Users\Ben\Downloads\Wireshark-win64-2.0.4.exe
2016-06-15 17:18 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 17:18 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 08:34 - 2016-06-25 16:38 - 00000000 ____D C:\Users\Ben\Downloads\BleepingComputer
2016-06-15 00:12 - 2016-06-25 18:13 - 00000000 ____D C:\FRST
2016-06-15 00:08 - 2016-06-22 20:27 - 02387456 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-06-14 19:43 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-14 19:43 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-14 19:43 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 19:43 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-14 19:43 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 19:43 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-14 19:43 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 19:43 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 19:43 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-14 19:43 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-14 19:43 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 19:43 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-14 19:43 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-14 19:43 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-14 19:43 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-14 19:43 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-14 19:43 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-14 19:43 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-14 19:43 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-14 19:43 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-14 19:43 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 19:43 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 19:43 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 19:43 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 19:43 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 19:43 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-14 19:43 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-14 19:43 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 19:42 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 19:42 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-14 19:42 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 19:42 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 19:42 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-14 19:42 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-14 19:42 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-14 19:42 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-14 19:42 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 19:42 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-14 19:42 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-14 19:42 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 19:42 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-14 19:42 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 19:42 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-14 19:42 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-14 19:42 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-14 19:42 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-14 19:42 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-14 19:42 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 19:42 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-14 19:42 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-14 19:42 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 19:42 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-14 19:42 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-14 19:42 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-14 19:42 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-14 19:42 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 19:42 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-14 19:42 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-14 19:42 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-14 19:42 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-14 19:42 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 19:42 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-14 19:42 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 19:42 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-14 19:42 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 19:42 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-14 19:42 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-14 19:42 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 19:42 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-14 19:42 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-14 19:42 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-14 19:42 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 19:42 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-14 19:42 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 19:42 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 19:42 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 19:42 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 19:42 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-14 19:42 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 19:42 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 19:42 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 19:42 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-14 19:42 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-14 19:42 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 19:42 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 19:42 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 19:42 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 19:42 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 19:42 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 19:42 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 21:45 - 2016-06-11 21:52 - 00000151 _____ C:\Users\Ben\Documents\ArrisModem.txt
2016-06-11 21:12 - 2016-06-11 21:12 - 00227338 _____ C:\Users\Ben\Downloads\Arris_DG1670A_AWG_Modem_Router.pdf
2016-06-11 16:37 - 2016-06-11 16:39 - 00208696 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.37.02_log.txt
2016-06-11 16:25 - 2016-06-15 08:22 - 00476936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-11 12:06 - 2016-06-11 12:06 - 00131808 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 11:58 - 2016-06-11 11:58 - 00018186 _____ C:\Users\Ben\Documents\cc_20160611_115812.reg
2016-06-11 11:38 - 2016-06-11 11:38 - 06893008 _____ (Piriform Ltd) C:\Users\Ben\Downloads\ccsetup518.exe
2016-06-10 08:34 - 2016-06-10 08:34 - 02854758 _____ C:\Users\Ben\Downloads\gccc36_1nl.pdf
2016-06-07 21:26 - 2016-06-07 21:26 - 11351885 _____ C:\Users\Ben\Downloads\fios-qgr-userguide140925.pdf
2016-05-27 23:00 - 2016-05-27 23:00 - 00000140 _____ C:\Users\Ben\Documents\GambobLimeric.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 18:12 - 2009-07-13 22:13 - 00753288 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 18:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-25 18:07 - 2015-02-03 20:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-25 18:07 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-25 17:46 - 2011-06-24 20:55 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
2016-06-25 17:37 - 2015-02-03 20:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 17:36 - 2015-10-14 18:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 17:34 - 2009-07-13 21:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 17:34 - 2009-07-13 21:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 21:03 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-06-24 09:34 - 2016-01-19 19:49 - 00000000 ____D C:\Users\Ben\AppData\Roaming\KeePass
2016-06-23 08:25 - 2013-03-13 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 08:25 - 2013-03-13 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 01:26 - 2013-03-13 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-22 20:01 - 2014-10-26 13:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-22 19:16 - 2012-07-08 13:26 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-21 23:06 - 2015-03-20 18:24 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-06-21 22:51 - 2015-03-20 18:24 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-17 16:42 - 2015-02-03 20:45 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 16:42 - 2015-02-03 20:45 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-16 22:36 - 2015-10-14 18:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 22:36 - 2012-04-04 15:27 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 22:36 - 2011-06-18 00:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 20:25 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-15 21:40 - 2016-01-13 04:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-15 19:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-06-15 17:24 - 2016-05-05 22:48 - 00000000 ____D C:\Users\Ben\Documents\db
2016-06-15 01:00 - 2013-08-14 00:14 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 00:54 - 2011-06-14 18:50 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 23:39 - 2016-02-21 16:13 - 00000000 ____D C:\Users\Ben\Downloads\Axanar
2016-06-14 21:57 - 2011-06-14 22:53 - 00000000 ____D C:\lviewpro
2016-06-13 19:31 - 2011-06-14 17:25 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-11 16:41 - 2011-06-14 17:05 - 00000000 ____D C:\Users\Ben\AppData\Local\VirtualStore
2016-06-11 11:41 - 2015-05-30 15:21 - 00000788 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-10 18:52 - 2014-04-10 20:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 22:57 - 2016-05-15 18:03 - 00002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-06-09 22:57 - 2016-05-15 18:03 - 00002050 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2016-06-09 22:57 - 2016-03-16 23:01 - 00001224 _____ C:\Users\Ben\Desktop\Paint.lnk
2016-06-09 22:57 - 2016-03-02 23:15 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-09 22:57 - 2016-03-02 23:15 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-09 22:57 - 2016-01-19 19:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-06-09 22:57 - 2016-01-19 19:20 - 00001111 _____ C:\Users\Ben\Desktop\KeePass 2.lnk
2016-06-09 22:57 - 2015-11-21 00:23 - 00001320 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-06-09 22:57 - 2015-11-07 12:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-09 22:57 - 2015-11-07 12:08 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-09 22:57 - 2015-09-20 10:34 - 00001854 _____ C:\Users\Ben\Desktop\My Printer.lnk
2016-06-09 22:57 - 2015-08-14 11:32 - 00002101 _____ C:\Users\Ben\Desktop\MP Navigator EX 5.0.lnk
2016-06-09 22:57 - 2015-07-03 20:59 - 00001036 _____ C:\Users\Public\Desktop\IntelliJ IDEA Community Edition 14.1.4.lnk
2016-06-09 22:57 - 2015-02-14 16:27 - 00002105 _____ C:\Users\Public\Desktop\PonoMusic World 20.lnk
2016-06-09 22:57 - 2015-01-30 16:45 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-09 22:57 - 2015-01-30 16:45 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-09 22:57 - 2014-11-22 15:50 - 00001937 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-06-09 22:57 - 2014-04-10 20:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-09 22:57 - 2014-03-14 20:17 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-09 22:57 - 2014-01-06 22:07 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-06-09 22:57 - 2013-08-04 12:31 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-09 22:57 - 2012-10-02 22:51 - 00002075 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2016-06-09 22:57 - 2012-10-02 22:50 - 00002340 _____ C:\Users\Public\Desktop\Canon MG6200 series On-screen Manual.lnk
2016-06-09 22:57 - 2012-09-16 15:03 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-06-09 22:57 - 2012-07-28 13:18 - 00002200 _____ C:\Users\Public\Desktop\Play Jewel Quest II.lnk
2016-06-09 22:57 - 2012-07-01 12:25 - 00001598 _____ C:\Users\Ben\Desktop\DISK STATION.lnk
2016-06-09 22:57 - 2012-02-16 00:35 - 00000855 _____ C:\Users\Ben\Desktop\eclipse.exe - Shortcut.lnk
2016-06-09 22:57 - 2011-10-14 15:28 - 00000983 _____ C:\Users\Public\Desktop\Beyond Compare 3.lnk
2016-06-09 22:57 - 2011-10-08 18:52 - 00001160 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2016-06-09 22:57 - 2011-08-09 22:10 - 00000351 _____ C:\Users\Ben\Desktop\Network - Shortcut.lnk
2016-06-09 22:57 - 2011-08-01 21:51 - 00002090 _____ C:\Users\Public\Desktop\I SPY Spooky Mansion Deluxe.lnk
2016-06-09 22:57 - 2011-06-24 20:46 - 00003011 _____ C:\Users\Ben\Desktop\Microsoft Outlook 2010.lnk
2016-06-09 22:57 - 2011-06-16 22:24 - 00001311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-06-09 22:57 - 2011-06-16 22:23 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-06-09 22:57 - 2011-06-16 13:36 - 00000596 _____ C:\Users\Ben\Desktop\JDev.lnk
2016-06-09 22:57 - 2011-06-14 22:04 - 00000953 _____ C:\Users\Ben\Desktop\Ben.lnk
2016-06-09 22:57 - 2011-06-14 20:49 - 00001448 _____ C:\Users\Ben\Desktop\Command Prompt.lnk
2016-06-09 22:57 - 2011-06-14 20:48 - 00000967 _____ C:\Users\Public\Desktop\Programmer's Notepad.lnk
2016-06-09 22:57 - 2011-06-14 17:05 - 00001395 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-09 22:57 - 2011-05-26 18:38 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-09 22:57 - 2011-05-26 18:38 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-09 22:57 - 2011-05-26 17:00 - 00002144 _____ C:\Users\Public\Desktop\Roxio Creator Starter.lnk
2016-06-09 22:57 - 2011-05-26 16:53 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2016-06-09 22:57 - 2009-07-13 22:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-06-09 22:57 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-06-09 22:57 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-06-09 22:57 - 2009-07-13 21:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-09 22:22 - 2014-04-10 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-09 22:22 - 2014-04-10 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 21:29 - 2013-05-21 12:06 - 00000000 ____D C:\Users\Ben\AppData\Local\NETGEARGenie
2016-05-28 16:29 - 2011-09-01 09:03 - 00131808 _____ C:\Users\Avicka\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2015-12-31 00:23 - 2015-12-31 00:23 - 0001476 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-19 15:41 - 2011-06-19 15:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-09-30 16:38 - 2012-09-30 16:38 - 0000343 _____ () C:\ProgramData\lxed.log
2011-09-15 16:45 - 2012-02-24 10:10 - 0000923 _____ () C:\ProgramData\lxedDiagnostics.log
2011-06-19 15:48 - 2012-09-29 22:30 - 0132552 _____ () C:\ProgramData\lxedJSW.log
2011-06-19 15:39 - 2012-09-30 16:38 - 0086814 _____ () C:\ProgramData\lxedscan.log
2011-07-23 10:14 - 2011-07-23 10:14 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-02-03 00:11 - 2016-02-10 22:30 - 0001415 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-06-19 15:38 - 2011-06-19 15:38 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 10:35
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Ben (2016-06-25 18:14:33)
Running from C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-15 00:05:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3214213031-1856194109-730637721-500 - Administrator - Disabled)
Avicka (S-1-5-21-3214213031-1856194109-730637721-1004 - Limited - Enabled) => C:\Users\Avicka
Ben (S-1-5-21-3214213031-1856194109-730637721-1002 - Administrator - Enabled) => C:\Users\Ben
Cynde (S-1-5-21-3214213031-1856194109-730637721-1003 - Administrator - Enabled) => C:\Users\Cynde
Guest (S-1-5-21-3214213031-1856194109-730637721-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3214213031-1856194109-730637721-1298 - Limited - Enabled)
Keyth (S-1-5-21-3214213031-1856194109-730637721-1296 - Limited - Enabled) => C:\Users\Keyth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
Avast Internet Security (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Best Buy pc app (x32 Version: 3.5.1.1 - Best Buy) Hidden
Beyond Compare Version 3.3.2 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
Canon MG6200 series User Registration (HKLM-x32\...\Canon MG6200 series User Registration) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Clickie (HKLM\...\Clickie) (Version: 1.2.1.10 - David Defoort)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
f.lux (HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\Flux) (Version: - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IntelliJ IDEA Community Edition 14.1.4 (HKLM-x32\...\IntelliJ IDEA Community Edition 14.1.4) (Version: 141.1532.4 - JetBrains s.r.o.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
KeePass Password Safe 2.33 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.33 - Dominik Reichl)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PonoMusic World 20 (HKLM-x32\...\PonoMusic World 20) (Version: 20 - J. River, Inc.)
Programmer's Notepad 2 (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.2.0.2240 - Simon Steele)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Wireshark 2.0.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.4 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D83ABD3-ACB2-461F-A19A-E5B9ED835B63} - System32\Tasks\{7A723158-CE66-49AC-AB3F-5ECE244748F3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing
Task: {32F23E9F-7211-4D43-8883-EFEDD0C798CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {3DA2E337-220B-4FD3-8F5A-FEDD087790A1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {5D124E45-2DEB-4DA2-9D63-7BE89F1E95BF} - System32\Tasks\{69158909-CB12-4DA4-9896-AB4E248B0762} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2016-04-20] (Microsoft Corporation)
Task: {79AE6FD3-9292-48F3-A9A5-61E6789D1B42} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {833E8C63-F5BC-4F9D-BB02-7700241D0754} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {B4840013-D8B2-4D66-91BC-90D109933E42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B5E7635C-9374-43A8-AC3A-060351989C25} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-05-10] (AVAST Software)
Task: {C8C3E282-7109-4DA9-BD11-E78379406525} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {CDB969D7-983C-4A63-8492-95287EAD98D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {CF7E5A75-3D0E-4B32-AE2E-3C69380824C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {E5C49F62-10CE-4BB3-AC91-B55D1C7A8EBF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {EFC82527-4CCF-456A-B7A1-082DA494E04B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F03BDF77-3D63-4459-9158-F472C991B25B} - System32\Tasks\SafeZone scheduled Autoupdate 1456985704 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {F86104A4-8EE9-42E5-AAF4-AB0390905AF0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-06-19 15:39 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeddrpp.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2015-10-14 20:33 - 2016-04-19 13:56 - 00075264 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-05-10 23:17 - 2016-05-10 23:17 - 00123344 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2016-05-10 23:17 - 2016-05-10 23:17 - 00135816 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-06-25 16:21 - 2016-06-25 16:21 - 02948608 _____ () C:\Program Files\Alwil Software\Avast5\defs\16062501\algo.dll
2016-05-10 23:17 - 2016-05-10 23:17 - 00309912 _____ () C:\Program Files\Alwil Software\Avast5\browser_pass.dll
2016-05-10 23:17 - 2016-05-10 23:17 - 00479680 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2015-12-29 13:12 - 2015-12-29 13:12 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3214213031-1856194109-730637721-1002\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-06-24 20:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3214213031-1856194109-730637721-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38F5F2C1-159A-4EA5-AC31-14E96ADE9625}] => (Allow) svchost.exe
FirewallRules: [{13BEE217-5BBF-461A-A89F-D197FD3412FD}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C3E67BD8-3DCF-465D-84FC-CD635B554212}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{417CCC8E-69E4-4A05-A72C-1CCA66FDC91F}] => (Allow) LPort=2869
FirewallRules: [{5AE9F75D-5FA4-4833-BC8F-E95006FDEAA4}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F8AE2F17-E0A3-40D6-93D1-F686410A740D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{6CE91CA0-9799-4EF0-88ED-77520AE28A46}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{E31D2A3E-2E1E-4DF1-B0E0-EC7611E89C80}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{9DF531E1-910A-4958-B971-1BB33EED8BD8}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{D0F31148-FC50-4E96-A87A-9CF7242861E6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A32D6B56-30D9-4022-8306-A0DA7D9B2CD8}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{55E887CC-A83A-4D0E-AAAB-60AA1A022277}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C3BBBB3-7CCB-4F4C-8780-AA4C04B75302}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{29D138E6-4D78-441F-97AC-7F6874818A13}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{BF240A13-8012-42BC-8533-27B316087868}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{61AA77DA-A89A-4E6D-A123-88874D7161A1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{D2CD63C1-5BF4-45DB-87B4-296AA4E9705C}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{F57AC1F0-E4F2-4C00-BA5E-1D5E0D48A158}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{B88B53CF-A521-44F6-89AB-021166766CFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F2D034F-5FC9-4607-BE42-9629FDCB242A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BBA6A128-DC4A-48F8-9D7A-DEFF93AC0B55}C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe] => (Allow) C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe
FirewallRules: [UDP Query User{47A5EE00-046D-45A4-BBBC-451E36E50BDF}C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe] => (Allow) C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe
FirewallRules: [TCP Query User{D7DD9BE6-F649-4A06-8C9C-FBB83B2E35C3}C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe] => (Allow) C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe
FirewallRules: [UDP Query User{3C66963F-B32A-41EF-BDD4-A2F7D5698254}C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe] => (Allow) C:\program files (x86)\j river\ponomusic world 20\ponomusic world 20.exe
FirewallRules: [TCP Query User{3086E826-1242-4FD2-85CC-2FB54A0B2C9C}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [UDP Query User{62B8E9E5-C034-4049-B18B-71C632A716B8}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [TCP Query User{A57ECCC7-DA4F-4F11-9A2F-94B07DE99670}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{00702815-5C0B-43E9-8E42-A5D15AA6B78B}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [TCP Query User{5FA0CBE3-8928-4FFC-99AE-004C497857CB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{CA798D5C-5388-471B-8030-5043FF0BB383}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{D844E760-D501-4E1D-B462-1D02A47EF109}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-05-2016 19:46:30 Windows Update
10-05-2016 23:18:35 Device Driver Package Install: Avast Network Service
11-05-2016 01:37:20 Windows Update
15-05-2016 18:01:01 Removed NETGEAR Powerline Utility
16-05-2016 23:23:39 Windows Update
20-05-2016 14:09:59 Windows Update
24-05-2016 20:03:14 Windows Update
31-05-2016 20:39:27 Windows Update
07-06-2016 19:46:58 Windows Update
11-06-2016 15:49:54 Before removal of "Boott! s" - suspect rootkit
14-06-2016 19:41:00 Windows Update
15-06-2016 00:50:22 Windows Update
15-06-2016 21:40:28 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
15-06-2016 22:13:24 Windows Update
21-06-2016 08:13:34 Windows Update
22-06-2016 20:27:53 Restore Point Created by FRST
23-06-2016 01:24:59 Windows Update

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: DW1501 Wireless-N WLAN Half-Mini Card
Description: DW1501 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2016 08:27:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2173e7c4-aa34-4fd8-bf89-e2bd8de48be0}

Error: (05/10/2016 11:18:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (05/10/2016 07:23:12 PM) (Source: MsiInstaller) (EventID: 1024) (User: TANAGRA)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/01/2016 09:36:04 AM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: The service process could not connect to the service controller

Error: (04/11/2016 08:29:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.11065.1000, time stamp: 0x5646e5d2
Faulting module name: aeinv.dll, version: 10.0.11065.1000, time stamp: 0x566b1cbf
Exception code: 0xc0000005
Fault offset: 0x0000000000017e5f
Faulting process id: 0x350
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3

Error: (03/10/2016 09:33:22 PM) (Source: MsiInstaller) (EventID: 1024) (User: TANAGRA)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/02/2016 11:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: wwanapi.dll, version: 6.1.7600.16385, time stamp: 0x4a5be0a8
Exception code: 0xc0000005
Fault offset: 0x00000000000333eb
Faulting process id: 0xae0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/02/2016 10:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNMNSST.exe, version: 1.1.0.7, time stamp: 0x4d315039
Faulting module name: CNMNPPM.DLL, version: 3.1.1.10, time stamp: 0x4fd99e4e
Exception code: 0xc0000005
Fault offset: 0x000444d2
Faulting process id: 0xca4
Faulting application start time: 0xCNMNSST.exe0
Faulting application path: CNMNSST.exe1
Faulting module path: CNMNSST.exe2
Report Id: CNMNSST.exe3

Error: (02/17/2016 08:59:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: TANAGRA)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/11/2016 08:45:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNMNSST.exe, version: 1.1.0.7, time stamp: 0x4d315039
Faulting module name: CNMNPPM.DLL, version: 3.1.1.10, time stamp: 0x4fd99e4e
Exception code: 0xc0000005
Fault offset: 0x000444d2
Faulting process id: 0xdbc
Faulting application start time: 0xCNMNSST.exe0
Faulting application path: CNMNSST.exe1
Faulting module path: CNMNSST.exe2
Report Id: CNMNSST.exe3


System errors:
=============
Error: (06/24/2016 09:18:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/24/2016 09:03:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/24/2016 09:02:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/24/2016 09:02:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/24/2016 09:00:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/24/2016 08:56:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/24/2016 08:56:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/24/2016 08:56:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (06/24/2016 08:20:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/24/2016 08:20:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2016-06-24 21:02:59.312
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-24 21:02:59.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-24 21:02:59.218
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-24 21:02:59.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-24 20:19:48.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-24 20:19:48.856
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8174.45 MB
Available physical RAM: 6326.3 MB
Total Virtual: 16347.07 MB
Available Virtual: 14450.99 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:1383.59 GB) (Free:666.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 2EA1361C)
Partition 1: (Active) - (Size=1383.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 25 June 2016 - 09:10 PM.




