Cannot turn Windows 7 Firewall on.


This topic is locked
3 replies to this topic

#1 plucky_amateur

Posted 12 August 2016 - 06:50 PM

I have reason to believe I have suffered an intrusion from a skilled hacker.  In any event, the Windows Firewall page in the control panel colors both public and home networks in red, meaning turned off.  This page is unresponsive to clicks anywhere in the page.  In services.msc the Windows Firewall service is marked as started.  The Farbar logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by HP (administrator) on HP-PC (12-08-2016 16:35:57)
Running from C:\jdb\tech\security\hacking&phishing
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(IVPN Limited) C:\Program Files\IVPN Client\IVPN Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dominik Reichl) C:\Program Files (x86)\security\KeePass\KeePass.exe
(RaMMicHaeL) C:\Users\HP\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(IVPN Limited) C:\Program Files\IVPN Client\IVPN Client.exe
(The OpenVPN Project) C:\Program Files\IVPN Client\OpenVPN\x86\openvpn.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [IVPN Client Runtime Warmup] => C:\Program Files\IVPN Client\IVPN Client.exe [819712 2016-02-10] (IVPN Limited)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\security\KeePass\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\security\KeePass\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\HP\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-12-04] (RaMMicHaeL)
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5770192 2016-08-04] (SecureMix LLC)
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\MountPoints2: {e4d2ac46-f523-11e5-afc2-00248114dba9} - F:\iStudio.exe
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe - Shortcut (2).lnk [2016-02-07]
ShortcutTarget: taskmgr.exe - Shortcut (2).lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B5F79EB-4F74-42FC-91C8-82C2D33FEE94}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F7D3C0BA-D479-4BCC-AF84-AC18D9E11B04}: [DhcpNameServer] 10.22.16.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-4114162118-3736916806-3957086004-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-06] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-06] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-28] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-06] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ygvgs2i6.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp:/www.ucomics.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ygvgs2i6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-11]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-08-10]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-11]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (Adguard AdBlocker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-11]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Kaspersky Protection) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Coupons at Checkout) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-11]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-11]
CHR Extension: (Privacy Badger) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-08-11]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

Opera:
=======
OPR Extension: (cleanPages) - C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgpkcoplbemkfoacdhpjhgdokcagnhkg [2016-02-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-06] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 Desktop Rover Service; C:\Program Files (x86)\system utilities\desktop rover\roversvc.exe [163840 2010-04-05] (Neslo Software, Inc.) [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4351440 2016-08-04] (SecureMix LLC)
R2 IVPN Client; C:\Program Files\IVPN Client\IVPN Service.exe [32256 2016-02-10] (IVPN Limited) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S4 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [30320 2015-09-22] (Microsoft)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [75360 2016-08-04] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-02-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-08-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-08-10] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-08-10] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-02-06] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
U5 UnlockerDriver5; C:\Program Files (x86)\system utilities\unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-12 16:34 - 2016-08-12 16:35 - 00000000 ____D C:\FRST
2016-08-11 15:57 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-11 15:57 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-11 15:57 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-11 15:57 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-11 15:57 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-11 15:57 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-11 15:57 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-11 15:57 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-11 15:57 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-11 15:57 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-11 15:57 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-11 15:57 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-11 15:57 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-11 15:57 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-11 15:57 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-11 15:57 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-11 15:57 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-08-11 15:57 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-08-11 15:57 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-08-11 15:57 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-08-11 15:57 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-08-11 15:57 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-08-11 15:57 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-08-11 15:57 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-08-11 15:57 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-08-11 15:57 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-08-11 15:57 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-08-11 15:57 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-08-11 15:57 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-08-11 15:57 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-11 15:57 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-08-11 15:57 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-08-11 15:57 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-08-11 15:57 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-08-11 15:57 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-08-11 15:57 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-08-11 15:57 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-08-11 15:57 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-08-11 15:57 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-08-11 15:57 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-08-11 15:57 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-08-11 15:57 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-08-11 15:57 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-08-11 15:57 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-08-11 15:57 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-11 15:57 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-11 15:57 - 2016-03-16 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-08-11 15:57 - 2016-03-16 11:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-08-11 15:57 - 2016-03-16 11:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-08-11 15:57 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-08-11 15:57 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-08-11 15:56 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-11 15:56 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-11 15:56 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-11 15:56 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-11 15:56 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-11 15:56 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-11 15:56 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-11 15:56 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-11 15:56 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-11 15:56 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-11 15:56 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-08-11 15:56 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-08-11 15:56 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-08-11 15:56 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-08-11 15:56 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-08-11 15:56 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-08-11 15:56 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-08-11 15:56 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-08-11 15:56 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-08-11 15:56 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-08-11 15:56 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-08-11 15:56 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-08-11 15:56 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-08-11 15:56 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-08-11 15:56 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-08-11 15:56 - 2016-05-12 10:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-08-11 15:56 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-11 15:56 - 2016-05-12 08:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-08-11 15:56 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-08-11 15:56 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-08-11 15:56 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-08-11 15:56 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-08-11 15:56 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-08-11 15:56 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-08-11 15:56 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-08-11 15:56 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-11 15:56 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-11 15:56 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-11 15:56 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-08-11 15:56 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-11 15:56 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-08-11 15:56 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-11 15:56 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-11 15:56 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-08-11 15:56 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-08-11 15:56 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-11 15:56 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-11 15:56 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-11 15:56 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-11 15:56 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-11 15:56 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-08-11 15:56 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-08-11 15:56 - 2016-03-09 11:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-08-11 15:56 - 2016-03-09 11:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-08-11 15:50 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-11 13:44 - 2016-08-11 13:58 - 00000000 ____D C:\Users\HP\AppData\Roaming\Notepad++
2016-08-11 13:44 - 2016-08-11 13:44 - 00001023 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-08-11 13:44 - 2016-08-11 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-08-11 13:44 - 2016-08-11 13:44 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-08-11 10:37 - 2016-08-11 10:37 - 00000000 ____D C:\Users\HP\AppData\Local\IVPN_Limited
2016-08-11 10:34 - 2016-08-11 10:34 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVPN
2016-08-11 10:34 - 2016-08-11 10:34 - 00000000 ____D C:\Program Files\IVPN Client
2016-08-11 06:50 - 2016-08-11 06:50 - 00000020 _____ C:\Windows\€õá
2016-08-11 06:02 - 2016-08-11 06:50 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-08-11 06:02 - 2016-08-11 06:50 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-08-11 06:02 - 2016-08-11 06:50 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-08-11 06:02 - 2016-08-11 06:02 - 00000000 ____D C:\Windows\en
2016-08-11 06:02 - 2016-08-11 06:02 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-08-11 06:01 - 2016-08-11 06:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-08-11 06:01 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2016-08-11 06:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-08-11 06:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-08-11 06:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-08-11 06:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-08-11 06:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-08-11 06:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-08-11 06:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-08-11 06:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-08-11 06:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-08-11 06:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-08-11 06:00 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-08-11 06:00 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-08-11 05:59 - 2016-08-11 05:59 - 00002166 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-08-11 05:59 - 2016-08-11 05:59 - 00002104 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-08-11 05:59 - 2016-08-11 05:59 - 00002104 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-08-11 05:59 - 2016-08-11 05:59 - 00000000 ___RD C:\Users\HP\OneDrive
2016-08-11 05:59 - 2016-08-11 05:59 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-11 05:59 - 2016-08-11 05:59 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-08-11 00:23 - 2016-08-11 00:23 - 00000000 ____D C:\Users\HP\AppData\Local\CrashDumps
2016-08-11 00:02 - 2016-08-11 00:02 - 36138288 _____ (Microsoft Corporation) C:\Users\HP\Downloads\IE9-WindowsVista-x64-enu.exe
2016-08-10 23:56 - 2016-08-10 23:57 - 55915216 _____ (Microsoft Corporation) C:\Users\HP\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-08-10 23:51 - 2016-08-10 23:51 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-10 22:17 - 2016-08-10 22:17 - 00000000 ____D C:\Program Files\Google
2016-08-10 22:16 - 2016-08-10 22:16 - 00001905 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-08-10 22:16 - 2016-08-10 22:16 - 00000000 ____D C:\Users\HP\AppData\Local\GlassWire
2016-08-10 22:16 - 2016-08-10 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-08-10 22:15 - 2016-08-10 22:16 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-08-10 22:15 - 2016-08-10 22:15 - 00000000 ____D C:\ProgramData\GlassWire
2016-08-10 22:15 - 2015-05-28 21:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-08-10 22:15 - 2015-05-28 21:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-12 16:17 - 2014-11-24 21:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-12 15:41 - 2016-02-07 20:01 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2016-08-12 15:38 - 2016-02-06 17:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-12 13:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-08-12 11:42 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-12 11:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-11 22:16 - 2014-11-24 21:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 20:51 - 2016-02-07 20:01 - 00000000 ____D C:\ProgramData\Skype
2016-08-11 20:50 - 2016-02-08 17:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-11 16:39 - 2009-07-13 21:45 - 00027888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-11 16:39 - 2009-07-13 21:45 - 00027888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-11 16:30 - 2009-07-13 21:45 - 00481752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 16:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-11 16:28 - 2016-02-06 23:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-11 16:28 - 2016-02-06 23:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-11 16:25 - 2016-02-21 15:20 - 00000000 ____D C:\Users\HP\AppData\Local\Eraser 6
2016-08-11 16:25 - 2016-02-11 13:23 - 00000000 ____D C:\Users\HP\AppData\Roaming\KeePass
2016-08-11 16:13 - 2016-02-06 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-11 15:41 - 2016-03-19 21:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-08-11 09:27 - 2016-02-08 08:14 - 00000000 ____D C:\MEDICAL
2016-08-11 07:23 - 2016-02-07 20:23 - 00007891 _____ C:\Windows\BRRBCOM.INI
2016-08-11 06:49 - 2016-02-11 13:30 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-08-11 06:45 - 2016-02-08 11:42 - 00000000 ____D C:\Users\HP\Tracing
2016-08-11 06:05 - 2016-02-11 13:27 - 00000000 ____D C:\Users\HP\AppData\Local\Windows Live
2016-08-11 06:01 - 2016-02-11 13:30 - 00000000 ____D C:\Program Files\Windows Live
2016-08-11 06:01 - 2016-02-11 13:30 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-08-11 05:59 - 2014-11-25 00:21 - 00000000 ____D C:\Users\HP
2016-08-11 00:18 - 2016-04-16 11:22 - 00002259 _____ C:\Users\HP\Desktop\Google Chrome.lnk
2016-08-10 22:29 - 2016-03-19 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-08-10 22:29 - 2016-03-19 21:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-08-10 22:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-10 22:20 - 2016-02-06 17:22 - 00943536 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-10 22:20 - 2015-06-11 20:32 - 00049240 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-08-10 22:18 - 2016-02-28 08:39 - 00001927 _____ C:\Users\Public\Desktop\Google Web Designer.lnk
2016-08-10 22:18 - 2016-02-28 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Web Designer
2016-08-10 22:18 - 2014-11-24 21:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-10 22:11 - 2016-02-07 10:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-10 22:11 - 2014-11-24 21:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-10 22:11 - 2014-11-24 21:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-10 22:09 - 2016-02-07 10:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-10 22:09 - 2010-11-21 00:17 - 00000000 ____D C:\Windows\ShellNew
2016-08-10 22:03 - 2015-07-04 03:18 - 00237480 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-10 21:37 - 2016-02-08 08:22 - 00000000 ____D C:\jdb
2016-08-10 21:32 - 2016-02-08 08:38 - 00000000 ____D C:\invest
2016-07-26 14:24 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-02-06 16:04 - 2016-02-06 16:04 - 6871040 _____ () C:\Program Files (x86)\GUT24CF.tmp
2016-04-16 14:25 - 2016-04-16 14:25 - 0000017 _____ () C:\Users\HP\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\HP\googlewebdesigner_win.exe


Some files in TEMP:
====================
C:\Users\HP\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-12 12:56

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by HP (2016-08-12 16:37:33)
Running from C:\jdb\tech\security\hacking&phishing
Windows 7 Professional Service Pack 1 (X64) (2014-11-25 07:21:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4114162118-3736916806-3957086004-500 - Administrator - Disabled)
Guest (S-1-5-21-4114162118-3736916806-3957086004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4114162118-3736916806-3957086004-1002 - Limited - Enabled)
HP (S-1-5-21-4114162118-3736916806-3957086004-1000 - Administrator - Enabled) => C:\Users\HP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.1 (HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\7 Taskbar Tweaker) (Version: 5.1 - RaMMicHaeL)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
ArcSoft PhotoStudio 5 (HKLM-x32\...\{4B9068FE-32D0-4EC5-95D8-9A0FD09DE751}) (Version: - )
Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Rover v4.5.0.1 (HKLM-x32\...\{0216DE3E-4427-49FB-B781-F4A972F7BC8A}) (Version: 4.5.1 - Neslo Software, Inc.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.73 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.5.0 - Google Inc.)
HP SoftPaq Download Manager (HKLM-x32\...\{B50981AD-95E8-4E4D-912A-7C4B738387CA}) (Version: 3.4.6.0 - Hewlett-Packard Company)
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
IVPN Client (HKLM\...\IVPN Client) (Version: 2.6 - IVPN Limited)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
LibreOffice 5.1.0.3 (HKLM-x32\...\{2F75F86D-8362-4F49-9536-D87DCBF6ABAE}) (Version: 5.1.0.3 - The Document Foundation)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.5.1103 - Microsoft Garage)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{C1E544E5-EF3C-4103-A57B-3A499FD91033}) (Version: 7.02.4142 - Nero AG)
NetObjects Fusion Essentials (HKLM-x32\...\{9EC8A91B-DE6A-4AA8-A136-1FAF1ACDF595}) (Version: 13.0 - NetObjects)
NetObjects Fusion Essentials (x32 Version: 13.00.0000.5598 - NetObjects) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera 12.18 (HKLM-x32\...\Opera 12.18.1872) (Version: 12.18.1872 - Opera Software ASA)
SeaMonkey 2.39 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.39 (x86 en-US)) (Version: 2.39 - Mozilla)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vivaldi (HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\Vivaldi) (Version: 1.0.435.42 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B40F608-CC06-4FC6-BA3D-50EB7E8F0399} - System32\Tasks\{46864459-D446-4675-A58C-E519C99F98AE} => Chrome.exe
Task: {1429DC20-47E7-41AE-862B-2C7672860C3C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording]
Task: {253E81C4-4343-4D01-A027-23C5EE2F8CF9} - System32\Tasks\{21526027-8D4B-4768-8FE4-062E2609D4E7} => Chrome.exe
Task: {4E84FB8B-54A3-4F6B-A111-20F56B0B8C0D} - System32\Tasks\{913B356A-1229-4B54-B257-335B56EB2608} => Chrome.exe
Task: {61B8EC44-1770-494B-8474-6C80389480A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {79436D0E-7700-4244-87D6-34C478A99697} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)]
Task: {BDA0FBEC-09F1-4E3D-B5C8-1F8BA3CC7918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {C6B8EFFE-B1AC-47DA-979F-7DCB2B829320} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording]
Task: {D2190BC7-4A2C-4C83-88DF-A442850D66FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {EF3AFF83-73F4-476F-8A98-579E6929236B} - System32\Tasks\{B7D01B4F-4C4D-4EE5-8F12-45DC5F221593} => pcalua.exe -a "C:\Users\HP\Downloads\NetObjects Fusion Essentials 2014.exe" -d C:\Users\HP\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-17 15:42 - 2016-05-17 15:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-22 10:44 - 2015-09-22 10:44 - 00045680 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-02-10 17:09 - 2016-02-10 17:09 - 00077824 _____ () C:\Program Files\IVPN Client\IVPN Firewall Native.dll
2016-02-07 20:21 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-31 22:35 - 2014-03-31 22:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-08-04 06:25 - 2015-08-04 06:25 - 00175144 _____ () C:\Program Files\IVPN Client\OpenVPN\x86\liblzo2-2.dll
2015-08-04 06:25 - 2015-08-04 06:25 - 00112736 _____ () C:\Program Files\IVPN Client\OpenVPN\x86\libpkcs11-helper-1.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2016-02-07 18:26 - 2016-02-19 19:16 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\microsoft.com -> hxxp://*.windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\windowsupdate.com -> hxxp://windowsupdate.com
IE trusted site: HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\...\windowsupdate.com -> hxxps://windowsupdate.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4114162118-3736916806-3957086004-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.22.16.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Desktop Rover Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: MouseWithoutBordersSvc => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{493FDF55-12EE-48B4-A1FA-6AB06D23F760}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9F9F74D5-9D4B-4691-AF4B-EB3E764CF9C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{7C60DD0E-8B18-4816-9BD6-F3FB94CD1924}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E7DBF45F-B77D-4713-ADD9-B035D7E3B03B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{4E0D41AD-1203-4FE4-9109-3059AF78645C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5B9DAE66-68BD-461A-BC6B-AE80307F65B6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{8007119C-6F1F-44C9-8500-C7649382931D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{B7A91581-29EF-4B0A-B11E-FFC017C90D8E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{5CEA2B73-D85E-4161-9E3F-FDBC4D4B9AE9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{28C8592A-78E1-4931-8B62-D609A8D053E4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{2AA8C8F4-5AA9-43FB-8DD8-B4CD9732E20B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AB45A50-9984-4E4F-A670-32A38EAF8D34}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{0082AD28-4F5F-49C8-8DA5-84AC79D58154}] => (Allow) LPort=54925
FirewallRules: [{A083ED21-6FF6-492C-941B-F243B6F3F780}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6C085487-CF10-480E-B61C-F7A347C4FEE4}] => (Allow) LPort=2869
FirewallRules: [{E90F049E-4AC5-457C-9C14-9DFFFC90CB10}] => (Allow) LPort=1900
FirewallRules: [{7FA25B80-FA56-4E7E-85B9-6BB11DA03951}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{E14B5ADB-27F3-4E51-8E99-5D7B60F32ABD}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{DB8E9F22-6AD4-4CC1-9454-65275ECFA31E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{174FFE41-0B87-4AEB-82EB-9134FDEBB0AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0588A34-7764-4D8E-A77D-063CCC052BF0}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{1A5879D4-E735-4C6F-B08D-3C4BEBB3F2D1}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{7B3065D1-7FA6-4C7C-9082-31A655D55BD0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{45BB7439-B96E-4AD5-B00B-FC674EB4AA73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2A953C79-9F33-4C25-9A9C-98DDE6EECECF}] => (Allow) C:\Users\HP\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A7C55891-FB20-4720-B3C1-425F7825F693}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

==================== Restore Points =========================

10-08-2016 22:07:01 Windows Modules Installer
11-08-2016 05:57:30 Windows Live Essentials
11-08-2016 06:00:05 Installed DirectX
11-08-2016 06:00:34 Installed DirectX
11-08-2016 06:00:54 Installed DirectX
11-08-2016 06:01:25 WLSetup
11-08-2016 06:48:19 Installed DirectX
11-08-2016 06:48:33 Installed DirectX
11-08-2016 06:48:51 Installed DirectX
11-08-2016 10:35:04 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
11-08-2016 15:58:28 Windows Update
11-08-2016 16:45:27 Windows Update
11-08-2016 16:53:17 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2016 04:30:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 09:17:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6a8

Start Time: 01d1f3a08deae274

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id:

Error: (08/11/2016 06:47:23 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:45:07 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:45:07 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:45:07 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:45:07 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:05:58 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:05:57 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (08/11/2016 06:05:57 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422


System errors:
=============
Error: (08/12/2016 03:39:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 03:39:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 03:38:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 03:38:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:20:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:19:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:19:20 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:04:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:04:16 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/12/2016 02:04:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422


CodeIntegrity:
===================================
Date: 2016-02-07 09:59:49.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:59:49.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:59:49.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:59:49.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:59:39.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:59:38.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:58:17.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 09:58:16.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 00:45:57.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-07 00:45:57.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3799.25 MB
Available physical RAM: 1579.52 MB
Total Virtual: 7596.68 MB
Available Virtual: 4836.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:121.56 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ARCSOFT) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5EFE6EF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2 plucky_amateur

plucky_amateur
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 12 August 2016 - 07:48 PM

Admin, please delete the subsequent duplicate posts.  I kept getting server timeouts and hit post several times, not knowing it had posted.


Edited by plucky_amateur, 12 August 2016 - 07:54 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 AM

Posted 13 August 2016 - 01:30 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

The Windows Firewall is disabled by the Kaspersky Firewall.
You cannot have two firewalls working simultaneously.

===

Some observations I made.


Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 15 ActiveX

Go to this page with Firefox to download the current version for your browsers:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)

Let me know if you have any other problems with this computer.

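Added example (not from nasdaq's post, FRST, or Kaspersky): a PowerShell check that shows why the Windows Firewall control panel can read "off" while the service is running and a log reports it enabled. It lists the firewall products registered with Security Center (root\SecurityCenter2), then reads what the Windows Firewall engine and its registry profile settings say. Assumes Windows 7 or later with PowerShell 2+; the productState decoding is an undocumented but widely used convention, not a published Microsoft API.

```powershell
# Added example, not part of the thread. Run in a normal PowerShell prompt;
# nothing here changes any setting, it only reads state.

# 1. Firewall products registered with Security Center. When a third-party
#    firewall (for example Kaspersky's) is registered here and reports itself
#    enabled, Windows Firewall steps aside and the control panel shows the
#    profiles as off.
# productState decoding (assumption, widely used convention): in the 6-digit
# hex form, the middle byte is 10 or 11 when the product reports enabled.
$products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct
foreach ($p in $products) {
    $hex     = '{0:X6}' -f [int]$p.productState
    $middle  = $hex.Substring(2, 2)
    $enabled = ($middle -eq '10') -or ($middle -eq '11')
    '{0,-40} enabled={1} productState=0x{2}' -f $p.displayName, $enabled, $hex
}

# 2. What the Windows Firewall engine itself reports per profile.
#    HNetCfg.FwPolicy2 is the documented COM interface; profile types are
#    1 = Domain, 2 = Private, 4 = Public.
$policy = New-Object -ComObject HNetCfg.FwPolicy2
$names  = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($type in 1, 2, 4) {
    '{0,-8} FirewallEnabled={1}' -f $names[$type], $policy.FirewallEnabled($type)
}

# 3. The per-profile EnableFirewall registry values and the service state.
#    These can both look healthy while step 1 shows another product in charge,
#    which is the mismatch described in the thread.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $item = Get-ItemProperty -Path "$base\$profile" -Name EnableFirewall -ErrorAction SilentlyContinue
    '{0,-16} EnableFirewall={1}' -f $profile, $item.EnableFirewall
}
Get-Service -Name MpsSvc | Select-Object Name, Status
```

If step 1 lists a third-party product as enabled, the red profiles in the control panel are expected; disabling or uninstalling that product is what hands control back to Windows Firewall, so decide which one you want to keep rather than trying to run both.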
#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 AM

Posted 19 August 2016 - 09:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



