
regsvr32.exe running multiple times


  • This topic is locked
18 replies to this topic

#1 Liquidvela
  • Members
  • 12 posts

Posted 16 September 2016 - 06:20 PM

I have read the other posts pertaining to this topic. My computer is running multiple regsvr32.exe's at the same time and 1 of them is taking up a ton of memory. I have run the malware and antivirus things and nothing is showing up there. I have done the search's to manually remove this, and regedit searches also. I cannot find this if it's there. Is this really the virus or could something else entirely be wrong? Thank you!
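A defender-side triage check for the symptom described in this post, added here as an example rather than anything posted in the thread: it lists each running regsvr32.exe with its binary path, signature status, parent process, command line, the DLL it was asked to register, run time and memory use, so a short-lived legitimate registration can be told from something worth bringing to the helpers. It assumes an elevated Windows PowerShell 3.0 or later session; the function name Get-RegsvrTriage and the trusted-root heuristic are my own.

```powershell
# Added triage example, not code from the thread. Lists every running regsvr32.exe with
# the facts needed to tell a short-lived, legitimate DLL registration from something that
# needs a closer look. Assumes an elevated Windows PowerShell 3.0+ session.

# The only two regsvr32.exe binaries that should ever run on a 64-bit Windows install.
$legitBinaries = @(
    (Join-Path $env:WINDIR 'System32\regsvr32.exe'),
    (Join-Path $env:WINDIR 'SysWOW64\regsvr32.exe')
)

# Roots from which installed software normally registers its DLLs. A command line that
# points elsewhere (Temp, Downloads, AppData, ProgramData) is not proof of anything,
# but it is the first thing to look at. This heuristic is an assumption of this example.
$expectedRoots = @($env:WINDIR, $env:ProgramFiles, ${env:ProgramFiles(x86)},
                   $env:CommonProgramFiles) | Where-Object { $_ }

function Get-RegsvrTriage {
    $instances = @(Get-WmiObject Win32_Process -Filter "Name = 'regsvr32.exe'")
    foreach ($p in $instances) {
        $exe = $p.ExecutablePath
        $sig = 'unknown (no path)'
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            # Authenticode status of the binary that is actually running, not of its name.
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        }

        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if ($parent) { $parentText = "$($parent.Name) (PID $($parent.ProcessId))" }
        else         { $parentText = "exited (PID $($p.ParentProcessId))" }

        $started = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationDate)

        # The DLL is the first command-line argument that is not a /switch. Split on
        # spaces outside double quotes so paths containing spaces survive intact.
        $dll = ''
        if ($p.CommandLine) {
            $parts = $p.CommandLine -split ' (?=(?:[^"]*"[^"]*")*[^"]*$)' |
                     ForEach-Object { $_.Trim('"') } | Where-Object { $_ }
            $dll = @($parts | Select-Object -Skip 1 |
                     Where-Object { $_ -notmatch '^[/-]' })[0]
        }
        $dllTrusted = $false
        foreach ($root in $expectedRoots) {
            if ($dll -and $dll.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $dllTrusted = $true
            }
        }

        [PSCustomObject]@{
            PID                 = $p.ProcessId
            Started             = $started
            RunningMinutes      = [math]::Round(((Get-Date) - $started).TotalMinutes, 1)
            WorkingSetMB        = [math]::Round($p.WorkingSetSize / 1MB, 1)
            Binary              = $exe
            BinaryIsSystem      = [bool]($legitBinaries -contains $exe)
            Signature           = $sig
            Parent              = $parentText
            CommandLine         = $p.CommandLine
            Dll                 = $dll
            DllUnderTrustedRoot = $dllTrusted
        }
    }
}

$report = @(Get-RegsvrTriage)
if ($report.Count -eq 0) {
    'No regsvr32.exe instance is running right now; re-run while the symptom is visible.'
} else {
    # Anything long-running, large, unsigned, not launched from System32/SysWOW64, or
    # registering a DLL outside the expected roots is what to include with the logs.
    $report | Sort-Object WorkingSetMB -Descending | Format-List
}
```

A legitimate regsvr32.exe normally exits within seconds of registering a DLL, so an instance that stays resident with a large working set is the one whose command line and parent deserve attention.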




#2 Jo*
  • Malware Response Team
  • 3,292 posts
  • Location:Germany

Posted 17 September 2016 - 09:55 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Liquidvela
  • Topic Starter
  • Members
  • 12 posts

Posted 18 September 2016 - 11:17 AM

Here are the 1st 2 steps' results:

1: Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 23.0.0.162  
 Mozilla Firefox (48.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Malwarebytes found nothing and said no clean up was needed.

Waiting on AdwCleaner.



#4 Liquidvela
  • Topic Starter
  • Members
  • 12 posts

Posted 19 September 2016 - 10:55 AM

This is the Adware thing:

# AdwCleaner v6.020 - Logfile created 19/09/2016 at 10:48:59
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-18.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Marie - MARIE-PC
# Running from : C:\Users\Marie\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

Service Found:  CouponPrinterService


***** [ Folders ] *****

Folder Found:  C:\Users\Marie\AppData\LocalLow\Toolbar4
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found:  C:\Program Files (x86)\Coupons


***** [ Files ] *****

File Found:  C:\Users\Marie\AppData\Local\Microsoft\Internet Explorer\DOMStore\UQ5O3KKM\myway[1].xml
File Found:  C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default\searchplugins\bingp.xml


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKLM\SOFTWARE\SmartPCFixer
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found:  [x64] HKLM\SOFTWARE\SmartPCFixer
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Key Found:  HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3408 Bytes] - [19/09/2016 10:48:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3481 Bytes] ##########



#5 Liquidvela
  • Topic Starter
  • Members
  • 12 posts

Posted 19 September 2016 - 11:20 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by Marie (administrator) on MARIE-PC (19-09-2016 10:59:37)
Running from C:\Users\Marie\Downloads
Loaded Profiles: Marie (Available Profiles: Marie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: E - E:\iStudio.exe
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: {3cc8b10a-bd0c-11e4-92d7-6002925508b4} - E:\iStudio.exe
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-357353760-3769071833-2985692640-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BD457C8-C045-4697-8D1E-6FB5D80539A3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{3B0F0290-96AC-4B0D-97CD-62E4082B5841}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57403A56-DC0F-4C61-8967-3DB5E8FAA7AB}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> DefaultScope {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> 8F78F5667FFF4DCF9F3F55E6C66B0ECD URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US662D20141023&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> {3F9719C5-EF3F-4A3E-BC09-D6AD0FA461BF} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SearchEngineOrder.1: Secure Search
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://acer13.msn.com/?pc=ACJB
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default\searchplugins\bingp.xml [2014-12-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-02]
FF Extension: (Firefox Hotfix) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-14] (Olof Lagerkvist)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-08-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [21048 2015-12-14] (Olof Lagerkvist)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-16] ()
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [48704 2015-12-14] (Olof Lagerkvist)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2016-07-25] (Scarlet.Crush Productions)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [14368 1999-09-22] () [File not signed]
S3 Tosrfcom; no ImagePath
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 10:59 - 2016-09-19 10:59 - 00016164 _____ C:\Users\Marie\Downloads\FRST.txt
2016-09-19 10:59 - 2016-09-19 10:59 - 00000000 ____D C:\Users\Marie\Downloads\FRST-OlderVersion
2016-09-19 10:47 - 2016-09-19 10:48 - 00000000 ____D C:\AdwCleaner
2016-09-18 11:41 - 2016-09-18 13:53 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Tera_Awesomium
2016-09-18 10:26 - 2016-09-18 11:11 - 00000000 ____D C:\Users\Marie\Desktop\mbar
2016-09-18 10:26 - 2016-09-18 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-18 10:18 - 2016-09-19 10:50 - 00000000 ____D C:\Users\Marie\Desktop\New folder
2016-09-17 15:40 - 2016-09-17 15:40 - 00000384 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2016-09-17 11:01 - 2016-09-17 11:01 - 00000016 _____ C:\Windows\system32\config\software.szfi
2016-09-16 17:08 - 2016-09-17 15:50 - 00000000 ____D C:\ProgramData\STOPzilla!
2016-09-16 16:46 - 2016-09-19 10:59 - 00000000 ____D C:\FRST
2016-09-16 16:46 - 2016-09-16 16:46 - 00000000 _____ C:\autoexec.bat
2016-09-16 16:45 - 2016-09-16 16:45 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-09-16 16:31 - 2016-09-19 10:59 - 02400256 _____ (Farbar) C:\Users\Marie\Downloads\FRST64.exe
2016-09-16 13:55 - 2016-09-16 13:55 - 00000271 _____ C:\Users\Marie\Desktop\programs running multiple times in processes [Solved] - Virus, Spyware, Malware Removal.URL
2016-09-15 20:34 - 2015-12-20 13:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-15 20:34 - 2015-12-20 13:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-09-15 20:34 - 2015-12-20 09:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-15 15:54 - 2016-09-15 20:34 - 00000000 ____D C:\Users\Marie\AppData\Local\Discord
2016-09-15 15:32 - 2016-09-15 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 15:28 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-09-15 15:28 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-09-15 15:28 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-09-15 15:09 - 2016-09-15 15:09 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-09-14 11:30 - 2016-09-14 11:30 - 00187750 _____ C:\Users\Marie\Documents\cc_regcleaner1.reg
2016-09-14 02:48 - 2016-09-01 14:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 02:48 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 02:48 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 02:48 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 02:48 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 02:48 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 02:48 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 02:48 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 02:48 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 02:48 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 02:48 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 02:48 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 02:48 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 02:48 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 02:48 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 02:48 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 02:48 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 02:48 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 02:48 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 02:48 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 02:48 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 02:48 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 02:48 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 02:48 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 02:48 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 02:48 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 02:48 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 02:48 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 02:48 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 02:48 - 2016-08-31 19:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 02:48 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 02:48 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 02:48 - 2016-08-31 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 02:48 - 2016-08-31 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 02:48 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 02:48 - 2016-08-31 19:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 02:48 - 2016-08-31 19:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 02:48 - 2016-08-31 19:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 02:48 - 2016-08-31 19:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 02:48 - 2016-08-31 19:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 02:48 - 2016-08-31 19:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 02:48 - 2016-08-31 19:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 02:48 - 2016-08-31 19:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 02:48 - 2016-08-31 19:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 02:48 - 2016-08-31 19:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 02:48 - 2016-08-31 19:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 02:48 - 2016-08-31 19:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 02:48 - 2016-08-31 19:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 02:48 - 2016-08-31 19:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 02:48 - 2016-08-31 19:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 02:48 - 2016-08-31 18:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 02:48 - 2016-08-31 18:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 02:48 - 2016-08-31 18:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 02:48 - 2016-08-31 18:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 02:48 - 2016-08-31 18:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 02:48 - 2016-08-31 18:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 02:48 - 2016-08-31 18:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 02:48 - 2016-08-31 18:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 02:48 - 2016-08-31 18:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 02:48 - 2016-08-31 18:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 02:48 - 2016-08-31 18:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 02:48 - 2016-08-31 18:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 02:48 - 2016-08-31 18:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 02:48 - 2016-08-31 18:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 02:48 - 2016-08-31 17:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 02:48 - 2016-08-31 17:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 02:47 - 2016-09-02 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 02:47 - 2016-09-02 10:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 02:47 - 2016-09-02 10:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 02:47 - 2016-09-02 10:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 02:47 - 2016-09-02 10:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 02:47 - 2016-09-02 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 02:47 - 2016-09-02 10:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 02:47 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 02:47 - 2016-09-02 10:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 10:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 02:47 - 2016-09-02 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 02:47 - 2016-09-02 10:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 02:47 - 2016-09-02 10:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 02:47 - 2016-09-02 09:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 02:47 - 2016-09-02 09:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 02:47 - 2016-09-02 09:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 02:47 - 2016-09-02 09:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 02:47 - 2016-09-02 09:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 02:47 - 2016-09-02 09:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 02:47 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 02:47 - 2016-09-02 09:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 02:47 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 02:47 - 2016-09-02 09:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 02:47 - 2016-09-02 09:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 02:47 - 2016-09-02 09:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 02:47 - 2016-09-02 09:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 02:47 - 2016-09-02 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 02:47 - 2016-09-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 02:47 - 2016-08-16 12:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 02:47 - 2016-08-15 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 02:47 - 2016-08-15 21:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 02:47 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 02:47 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 02:47 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 02:47 - 2016-06-06 11:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 02:47 - 2016-06-06 11:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 02:47 - 2016-06-06 11:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 02:47 - 2016-06-06 11:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 02:47 - 2016-06-06 10:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-14 02:47 - 2016-06-06 10:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-14 02:47 - 2016-06-06 10:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-14 02:47 - 2016-06-06 10:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-14 02:47 - 2016-05-13 17:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 02:47 - 2016-05-13 17:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 02:47 - 2016-05-13 17:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 02:47 - 2016-05-13 17:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 02:47 - 2016-05-13 16:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 02:47 - 2016-05-13 16:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 02:47 - 2016-05-13 16:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 02:47 - 2016-05-13 16:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 02:47 - 2016-05-13 16:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 02:47 - 2016-05-13 16:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 02:47 - 2016-05-13 16:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 02:47 - 2016-05-13 16:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-14 02:47 - 2016-05-13 16:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-14 02:47 - 2016-05-13 16:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-14 02:47 - 2016-05-13 16:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-14 02:47 - 2016-05-13 16:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-14 02:47 - 2016-05-12 12:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 02:47 - 2016-05-12 10:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-14 02:47 - 2016-05-12 10:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-14 02:47 - 2016-05-04 12:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 02:47 - 2016-05-04 12:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-14 02:47 - 2016-05-04 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 02:47 - 2016-05-04 12:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 02:47 - 2016-05-04 12:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 02:47 - 2016-05-04 10:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-14 02:47 - 2016-05-04 09:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-14 02:45 - 2016-08-06 10:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 02:45 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-12 14:40 - 2016-09-12 14:40 - 00249449 _____ C:\Users\Marie\Documents\IMG_20160912_0001.pdf
2016-09-06 11:14 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-09-06 11:14 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-09-06 11:08 - 2016-07-07 10:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-06 11:08 - 2016-07-07 10:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-06 11:08 - 2016-07-07 10:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-06 11:08 - 2016-07-07 10:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-06 11:08 - 2016-07-01 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-06 11:08 - 2016-07-01 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-06 11:08 - 2016-07-01 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-06 11:08 - 2016-07-01 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-06 11:08 - 2015-12-16 13:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-09-06 11:08 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-09-06 11:08 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-09-06 11:08 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-09-06 11:08 - 2015-12-16 13:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-09-06 11:08 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-09-06 11:08 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-09-06 11:08 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-09-06 10:07 - 2016-09-15 15:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-06 10:07 - 2016-09-15 15:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-01 13:44 - 2016-09-17 15:40 - 00000000 ____D C:\Users\Marie\AppData\Roaming\1ae1a1
2016-09-01 13:44 - 2016-09-17 15:38 - 00000000 ____D C:\Users\Marie\AppData\Local\6104f2
2016-08-25 05:09 - 2016-08-25 20:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 17:33 - 2016-08-29 11:37 - 00000000 ____D C:\Users\Marie\AppData\Roaming\discord
2016-08-23 17:32 - 2016-09-15 15:54 - 00000000 ____D C:\Users\Marie\AppData\Local\SquirrelTemp
2016-08-20 19:53 - 2016-08-20 19:53 - 01401983 _____ C:\Users\Marie\Desktop\blaa.pdf
2016-08-20 19:47 - 2016-08-20 19:47 - 01421708 _____ C:\Users\Marie\Documents\IMG_20160820_0001.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 10:12 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 10:12 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-19 10:06 - 2014-05-21 01:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-19 10:04 - 2016-05-24 12:29 - 00000000 ____D C:\ProgramData\VMware
2016-09-19 10:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 11:38 - 2015-07-09 11:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-18 10:26 - 2015-10-26 13:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-18 10:26 - 2015-10-26 13:07 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-17 16:45 - 2009-07-14 00:13 - 00786022 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-17 16:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-17 02:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-09-16 17:10 - 2014-11-05 20:38 - 00000000 ____D C:\Windows\Minidump
2016-09-16 15:19 - 2014-11-01 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-16 14:44 - 2015-10-12 11:39 - 00007623 _____ C:\Users\Marie\AppData\Local\Resmon.ResmonCfg
2016-09-16 14:03 - 2016-05-24 12:27 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Andy
2016-09-16 13:52 - 2016-05-24 12:33 - 00000000 ____D C:\Users\Marie\AppData\Roaming\VMware
2016-09-15 20:19 - 2009-07-13 23:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 19:17 - 2015-01-05 07:34 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 15:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-14 03:07 - 2014-12-21 12:09 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 03:01 - 2014-12-21 12:09 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 21:06 - 2014-05-21 01:33 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 21:06 - 2014-05-21 01:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 21:06 - 2014-05-21 01:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 21:06 - 2014-05-21 01:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 21:06 - 2014-05-21 01:33 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 20:26 - 2016-05-06 03:00 - 00000000 ____D C:\Windows\system32\GWX
2016-09-12 14:44 - 2015-01-04 16:44 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-09-11 15:03 - 2009-07-14 00:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-10 20:03 - 2015-03-24 21:41 - 00000000 ____D C:\Users\Marie\Desktop\game
2016-09-07 15:19 - 2014-11-25 21:17 - 00000000 ____D C:\Users\Marie\AppData\Local\CrashDumps
2016-09-06 14:57 - 2014-10-23 17:51 - 00000000 ____D C:\Users\Marie
2016-09-06 11:18 - 2014-10-23 17:54 - 00001417 _____ C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-06 11:10 - 2014-10-24 10:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-06 10:51 - 2015-06-18 21:13 - 00000000 ____D C:\ProgramData\Oracle
2016-09-06 10:51 - 2015-06-18 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-06 10:51 - 2015-06-18 21:13 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-06 10:51 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-09-06 10:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-09-04 09:13 - 2007-07-11 20:49 - 00000000 ____D C:\Windows\Panther
2016-09-04 08:57 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-09-01 12:51 - 2015-09-22 11:55 - 00000000 ____D C:\Users\Marie\.oracle_jre_usage
2016-08-28 15:42 - 2015-09-23 15:17 - 00000000 ____D C:\Users\Marie\AppData\Local\ElevatedDiagnostics
2016-08-28 10:09 - 2015-02-25 23:29 - 00000000 ____D C:\Users\Marie\AppData\Local\Windows Live
2016-08-25 20:45 - 2014-10-24 10:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-25 09:17 - 2014-12-05 22:12 - 00005578 _____ C:\Windows\wininit.ini
2016-08-23 17:39 - 2015-01-08 17:06 - 00000000 ____D C:\Windows\pss
2016-08-21 19:48 - 2015-01-22 22:50 - 00000000 ____D C:\Users\Marie\AppData\Local\Pokemon Showdown
2016-08-20 10:16 - 2015-10-31 13:27 - 00000000 ___RD C:\Users\Marie\Desktop\misctop

==================== Files in the root of some directories =======

2015-10-04 08:06 - 2015-10-04 08:13 - 0003024 _____ () C:\Users\Marie\AppData\Roaming\SpeedRunnersLog.txt
2015-10-12 11:39 - 2016-09-16 14:44 - 0007623 _____ () C:\Users\Marie\AppData\Local\Resmon.ResmonCfg
2015-09-06 18:13 - 2015-07-08 18:13 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-15 00:45

==================== End of FRST.txt ============================



#6 Liquidvela (Topic Starter)

  • Members
  • 12 posts

Posted 19 September 2016 - 11:21 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Marie (19-09-2016 11:00:23)
Running from C:\Users\Marie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-23 22:50:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-357353760-3769071833-2985692640-500 - Administrator - Disabled)
Guest (S-1-5-21-357353760-3769071833-2985692640-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-357353760-3769071833-2985692640-1002 - Limited - Enabled)
Marie (S-1-5-21-357353760-3769071833-2985692640-1000 - Administrator - Enabled) => C:\Users\Marie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Acellus (HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\Acellus) (Version: 10.0 - Acellus Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.109.2020.209 - Alps Electric)
Andy OS (HKLM\...\Andy OS) (Version: 46.2 - Andy OS, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boring Man - Online Tactical Stickman Combat (HKLM-x32\...\Steam App 346120) (Version:  - Spasman Games)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online Live (HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Echo of Soul (HKLM\...\Steam App 290140) (Version:  - Nvius)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version:  - Scott Cawthon)
Five Nights at Freddy's 4 (HKLM-x32\...\Steam App 388090) (Version:  - Scott Cawthon)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GoldKeyVault 7.13.11.1 (HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\GoldKeyVault) (Version: 7.13.11.1 - GoldKey Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version:  - Defiant Development)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.12 - Acer Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.23 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CD (HKLM-x32\...\Steam App 200940) (Version:  - Blit Software)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VMware Player (HKLM\...\{537B7F85-2B95-44ED-8D90-765F6F36D666}) (Version: 12.1.1 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.3.00000 - VMware, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.20-0 - Bitnami)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BD3FE75-E1D2-482F-88DE-0C28A2BF7AE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {1F47A002-0DA1-4C44-B957-5FD55C1EA453} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {85DE35D8-DD49-4307-8414-C721775FC8DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {8C3DD48C-2157-4615-B62C-7B55931088A9} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {9B0CADA4-597D-4391-A809-5957CA6746CC} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {C85F1B63-4B3E-4547-90AF-DC3D42F35F97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F1622D5C-DB7E-4983-8227-3BB5EE19621D} - System32\Tasks\{BBB69D69-6EBE-479F-94D9-85E8B09B1EB6} => pcalua.exe -a D:\Setup.EXE -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Marie\AppData\Local\6104f2\c3119e.lnk -> C:\Users\Marie\AppData\Local\6104f2\f95a96.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-21 00:48 - 2012-05-09 18:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-04 16:44 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-08-02 09:28 - 2015-08-02 09:28 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-04-14 17:17 - 2016-04-14 17:17 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-07-31 17:23 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-16 17:09 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F5D4ADDA-AA09-4F95-883E-6984C5145360}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47C3E826-9985-4EA4-B720-17DAE35D57D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FCE997F7-A578-4E8D-962D-AEA79F5685E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FDB7ACA-2CF1-4A9E-89D5-BCF1F5B4195D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C1F34DF-3212-4ABB-9624-5FB36586B9DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E9B41B0-9E5A-4569-BCEA-245A12E8D4D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{0135742B-730A-4302-A35E-6424B822127F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{6BBFA557-E0E5-4708-8ECD-04F178323EAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{48E62684-E4D8-4D1D-AE88-0701F0A62576}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{903FB18F-D294-4B95-830A-008D9EF1C3AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{16A43DE1-8498-4870-9702-F946ED6C1F26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4B29FAC2-C2F6-41EF-8942-7FDF21AEBC33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{209B4841-AED6-4FC8-9BDB-6EE1035FF37F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{19A8B561-8636-46AC-B4B7-B6CAA522273D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C860E58E-47BB-48EC-91FF-AE9CE87E770A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7398F80B-E7BE-4243-914D-4DEC4DBAD9FE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D916B98B-2656-46B1-8A21-AD88E3191816}] => (Allow) LPort=2869
FirewallRules: [{55B5ED68-A1E7-47E2-A569-792D2BAEC2AA}] => (Allow) LPort=1900
FirewallRules: [{90EFD6A2-6310-4EA3-8AF2-589FD129C121}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{069D6A66-9A4A-4FF6-BCFB-85B1DEC86F7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [TCP Query User{E8BDE69C-5EBC-46E9-BD14-41AAABE7D7C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F226866E-4073-432F-9FDF-8C9241CF962E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BA7E6B78-B172-45EF-A429-3336F811C2CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{3B4CB968-DE3E-4DB4-A1E5-92BCE95ED727}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{F3463CCF-6D0C-4065-A9BB-42ACA3D5E3F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{6D41B31D-EBC5-4585-9756-5175825E4F3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [TCP Query User{EDE74649-5860-4B85-A23E-DB652ECDCD2B}C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{349B0DF7-67BA-4390-8D58-DA2F82CB6F5C}C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{88439E03-98A0-47FE-8050-AF6E9CAB61C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{05382D73-6CCB-4AF5-B747-9BDF17507215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{4AA01D2E-B46D-4560-95B7-2873BD563717}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{FFAA55A2-DB98-466F-9F9E-B6C3B1AC76BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{8ACE32EE-874F-4CBC-9E36-1CF3090D625B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{62F353DB-5C01-409D-ADFF-F51506FDD5EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{06705639-08EF-4C21-BE0D-CE3F4393E4BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{9B46F07E-E9A6-4C5D-8D75-70C27FACAFDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{C6C62A6C-482D-41FC-B7D0-ACCC65406E1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{81C25E6A-E903-448A-9465-ECC73CCD48ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{DBFF6A24-5E9A-44DF-A0B7-2C2E9D938D3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{D2B76E54-61EB-49C5-AFFF-B1A2372B41D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{34265236-E49D-44C3-B276-2783FB7E8425}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [{61E69FCE-BC77-4C1C-A2A3-470104854A7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [{F61BDF18-9739-403D-87C8-BFB150B2163A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{B5D9B09E-F786-40B9-95B2-9B368C057245}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{4EFA385F-EAF1-458C-91C8-284BF830B088}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{781ADA79-4E15-479E-A67A-CB36391E6899}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F4E00E28-5E51-4AAB-981C-A742ED714E48}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{26107F27-6278-4E05-8100-F0A2EAA9D61F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CF9163B9-3059-41F0-B4C0-6CDF3F4A162E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4677149D-2B7F-4C6E-9EC0-F0CD00C88857}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{02364622-A506-4E1D-9A90-439EA5ECE6C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{5E0B6B2C-4F84-4AAA-A24A-FEFDFF32846D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{54233347-CCEB-4A87-ACC8-A66A400E0E2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{B3D2D71C-2601-4B4F-AD0D-418CE5F7C368}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{496556EE-E2F5-4AE9-B4BE-7EBCA16638DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{2EB5D4B2-7306-4F9B-80F0-4EF5C747C7F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{42F89137-3AF9-4E40-AB77-973B96477AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{D83A47A8-01B4-464A-A599-FE232FA9A2FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{E47013AA-CC39-4146-BD5B-06387FF79C03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{25BE118A-D938-4FC9-B527-5BB17E80613E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{18E57DC9-F7F5-4DFA-895A-317A279BA800}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CF02B37-BCAA-4AB5-A73D-E47B46D09403}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D06DEA1-C951-43D0-BFDC-3DADDAD84AEC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DB5CDFB-47A6-45C9-927F-5AFA849A4EE9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{625B083A-BD65-4290-98E5-55BF452E0C28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{B4080840-3ACA-4FEB-BE4E-CBBA88C37022}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{A4F30E84-2770-4E2A-8B56-7AC60801253F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{01751F8B-3F67-4AD6-87C4-0CA363A03120}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{1FDEAE83-7998-40BA-B5D1-61FD91E759CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19DFB76F-F8B4-454D-9DFC-E49CF85DCF00}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B11A0225-771C-4019-9F37-1D3234EA21C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic CD\soniccd.exe
FirewallRules: [{FC5D9531-1050-48A1-854F-A88D4D979DBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic CD\soniccd.exe
FirewallRules: [{B0325AA9-E9D5-4653-B69B-20B329D638E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic CD\setup.exe
FirewallRules: [{7D6DDB37-C114-485B-AC0B-689C32CA4254}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic CD\setup.exe
FirewallRules: [{A88699F5-6699-42D3-868B-DF47981ED6E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{8D0BB0CC-8705-4C9F-8C47-F0931EABF7B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{DAF47173-50B8-4512-83E9-855B78ED4B5A}C:\users\marie\desktop\ssb_crusade_v09\ssb crusade v0.9 patch\crusade.exe] => (Block) C:\users\marie\desktop\ssb_crusade_v09\ssb crusade v0.9 patch\crusade.exe
FirewallRules: [UDP Query User{F4639605-5171-4F0C-89D6-EFB5C270F5FF}C:\users\marie\desktop\ssb_crusade_v09\ssb crusade v0.9 patch\crusade.exe] => (Block) C:\users\marie\desktop\ssb_crusade_v09\ssb crusade v0.9 patch\crusade.exe
FirewallRules: [{E0F7CBCF-4963-434A-9569-C020CBCB4222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{6B702227-0C0E-4219-9D01-769D8FB0A50E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{CA9F473A-B55F-4F77-8ED9-B8E7EED9649C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{41377FA5-91EE-432C-A84E-91D5B622201F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [TCP Query User{AF952946-6A2F-4129-943F-1E1BE0A43146}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{95CE8B43-CE82-4034-B501-419044253139}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{1F9E7526-C23A-4E01-B372-45F1303766F3}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{7C87A561-18CE-4B3B-9F82-83DDFEA5E380}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{8E74586B-F2B8-45D3-8F47-F9273B2013A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Echo of Soul\EOSLauncher.exe
FirewallRules: [{58E7FE4F-D20A-4863-A61A-A8FEFC64A5AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Echo of Soul\EOSLauncher.exe
FirewallRules: [{137E78D3-F703-4F38-A122-491EC7B76A85}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{CFC87338-EBD6-499D-9CC4-7FEE653BDD9E}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{3F326221-0767-42A8-821F-5278A137D93C}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{B47DEAFE-721F-48B5-A30C-C53159FB7B06}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{EF299C0E-DEE2-4BD1-A7F0-A2D1009B46A8}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{CBA63B55-3181-4B12-AC15-E3C6299CAAD8}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C37DB753-41DA-45DA-BBFD-0E73B1AC894B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{1D31C5CF-751A-4525-8999-A9E730E0BEA1}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{470919DD-9D5C-4A9D-986D-7E42B3952F8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{575BF605-D4AD-4BC7-93F1-E668F732E2B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{0A19DD8A-CCBF-443D-8121-3E933F6C3A3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{9915152F-3D0B-45CF-8C4A-1659BF880B93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{EB7645BE-DA0E-4C45-A699-19E3279630DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

09-09-2016 20:15:43 Windows Update
13-09-2016 16:41:27 Installed Acer Updater
14-09-2016 03:00:22 Windows Update
15-09-2016 15:27:43 Windows Update
15-09-2016 20:12:40 Windows Update
15-09-2016 20:36:32 Windows Update
16-09-2016 17:08:18 Installed STOPzilla AntiMalware.
16-09-2016 17:10:16 STOPzilla Restore Point.
17-09-2016 06:33:55 STOPzilla Restore Point.
17-09-2016 15:49:34 Removed STOPzilla AntiMalware.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2016 10:58:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(2).exe version 18.9.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e30

Start Time: 01d2128e72914b86

Termination Time: 0

Application Path: C:\Users\Marie\Downloads\FRST64(2).exe

Report Id: da373659-7e81-11e6-918e-005056c00008

Error: (09/19/2016 10:04:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/19/2016 03:09:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (09/19/2016 03:09:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (09/19/2016 03:09:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/18/2016 02:56:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/18/2016 11:19:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/18/2016 09:28:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 08:46:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 04:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/19/2016 10:04:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/18/2016 05:45:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.26.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.26.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (09/18/2016 05:45:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.2624.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13000.0&avdelta=1.227.2624.0&asdelta=1.227.2624.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (09/18/2016 05:45:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.2624.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13000.0&avdelta=1.227.2624.0&asdelta=1.227.2624.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (09/18/2016 02:56:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/18/2016 11:19:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/18/2016 09:28:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/17/2016 08:47:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/17/2016 04:14:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/17/2016 03:40:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 5982.36 MB
Available physical RAM: 4251.2 MB
Total Virtual: 11962.89 MB
Available Virtual: 10227.45 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.66 GB) (Free:94.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EA5FDFFC)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
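A way to triage an FRST Addition.txt like the one posted above without reading every line by eye. This is an added example, not part of the thread and not code from FRST or the helper: it takes the `FirewallRules:` lines and the `Event log errors` entries in the format shown in the log, flags inbound Allow rules for executables that live outside Program Files / Windows (user-profile and drive-root paths are where a dropped binary would normally sit), and counts boot-start drivers that Service Control Manager reports as failing to load (EventID 7026), which repeating at every boot usually means a leftover service registration from a product that has since been removed. The trusted-prefix list is an assumption for this example, and the sample lines are a constructed excerpt copied from the log above; a flagged path is a place to look first, not a verdict.

```python
import json
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: a handful of lines in the FRST Addition.txt format,
# copied from the log posted above (not a full log).
SAMPLE_LOG = r"""
FirewallRules: [{069D6A66-9A4A-4FF6-BCFB-85B1DEC86F7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [TCP Query User{E8BDE69C-5EBC-46E9-BD14-41AAABE7D7C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EDE74649-5860-4B85-A23E-DB652ECDCD2B}C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\marie\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4EFA385F-EAF1-458C-91C8-284BF830B088}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [TCP Query User{AF952946-6A2F-4129-943F-1E1BE0A43146}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
Error: (09/19/2016 10:04:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
szkg5

Error: (09/18/2016 05:45:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
"""

# One FRST firewall line: "FirewallRules: [<name>] => (Allow|Block) <path>"
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)

# Directories an installed program normally lives in. Anything else with an
# Allow rule (user profile, drive root, Downloads) deserves a second look.
# This list is an assumption made for the example, not an FRST setting.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)


def parse_firewall_rules(text: str) -> List[Dict[str, str]]:
    """Return every FirewallRules line as {name, action, path}."""
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return rules


def flag_rules(rules: List[Dict[str, str]]) -> List[str]:
    """Paths with an Allow rule that sit outside the trusted directories."""
    flagged = []
    for r in rules:
        if r["action"] == "Allow" and not r["path"].lower().startswith(TRUSTED_PREFIXES):
            flagged.append(r["path"])
    return sorted(flagged)


def parse_failed_drivers(text: str) -> Dict[str, int]:
    """Count driver names listed under Service Control Manager EventID 7026.

    The entry is one "Error:" header, one "Description:" line, then one
    driver name per line until a blank line or the next "Error:" header.
    """
    counts: Counter = Counter()
    collecting = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Error:"):
            collecting = "(EventID: 7026)" in stripped
            continue
        if not collecting:
            continue
        if stripped.startswith("Description:"):
            continue
        if not stripped:
            collecting = False
            continue
        counts[stripped] += 1
    return dict(counts)


def summarize(text: str) -> Dict[str, object]:
    """Triage summary for one Addition.txt body."""
    rules = parse_firewall_rules(text)
    return {
        "rules": len(rules),
        "allow_outside_program_dirs": flag_rules(rules),
        "drivers_failed_to_load": parse_failed_drivers(text),
    }


if __name__ == "__main__":
    # Run against a real log with: python triage_frst.py < Addition.txt
    import sys
    body = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(json.dumps(summarize(body), indent=2))
```

On the sample above this flags the desktop Java runtime and the XAMPP httpd.exe (both legitimate-looking, but both user-installed and outside the usual directories) and counts is3srv and szkg5 once each; on the full log they would be counted once per boot.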



#7 Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany

Posted 19 September 2016 - 11:47 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Liquidvela
  • Topic Starter

  • Members
  • 12 posts

Posted 20 September 2016 - 10:38 AM

Malwarebytes found nothing.

AdwCleaner:


# AdwCleaner v6.020 - Logfile created 20/09/2016 at 10:34:03
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-20.3 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Marie - MARIE-PC
# Running from : C:\Users\Marie\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[!] Service not deleted: CouponPrinterService


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Marie\AppData\LocalLow\Toolbar4
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder not deleted: C:\Program Files (x86)\Coupons


***** [ Files ] *****

[-] File deleted: C:\Users\Marie\AppData\Local\Microsoft\Internet Explorer\DOMStore\UQ5O3KKM\myway[1].xml
[-] File deleted: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default\searchplugins\bingp.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\SmartPCFixer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key deleted: [x64] HKLM\SOFTWARE\SmartPCFixer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3614 Bytes] - [20/09/2016 10:34:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [3608 Bytes] - [19/09/2016 10:48:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [3681 Bytes] - [20/09/2016 10:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3833 Bytes] ##########



#9 Liquidvela
  • Topic Starter

  • Members
  • 12 posts

Posted 20 September 2016 - 10:44 AM

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Marie (Administrator) on Tue 09/20/2016 at 10:39:53.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 61

Failed to delete: C:\Program Files (x86)\coupons (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder)
Successfully deleted: C:\Users\Marie\AppData\Roaming\speedrunnerslog.txt (File)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\094PI209 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DTZ500H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VFVC8M3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YP9N6X3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PJ2ZMQY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\657853AJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PA3OADQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89Y4H3AP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI37REBY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWIG3IQ2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4W7TC03 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8J2HIZW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G90F5VWI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9Y1HW82 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFK0OGHA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGJUTKMB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2ODRFVE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5BVWU02 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBCGK4WP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V23688AT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQSTH1FC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRR5A685 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG3EK0K5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6T03PUQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\094PI209 (Temporary Internet Files Folder)

Deleted the following from C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\rp4nczxw.default\prefs.js
user_pref(browser.search.hiddenOneOffs, Google,DuckDuckGo,Secure Search,Twitter);
user_pref(browser.search.order.1, Secure Search);



Registry: 6

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3F9719C5-EF3F-4A3E-BC09-D6AD0FA461BF} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/20/2016 at 10:41:48.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:18 AM

Posted 20 September 2016 - 11:12 AM

Hello,
 

***


Copy FRST / FRST64.exe to your desktop!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: E - E:\iStudio.exe
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: {3cc8b10a-bd0c-11e4-92d7-6002925508b4} - E:\iStudio.exe
ProxyServer: [S-1-5-21-357353760-3769071833-2985692640-1000] => localhost:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> DefaultScope {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> 8F78F5667FFF4DCF9F3F55E6C66B0ECD URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US662D20141023&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
C:\Program Files\Coupons\CouponPrinterService.exe
S3 Tosrfcom; no ImagePath
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\ProgramData\hash.dat
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Shortcut: C:\Users\Marie\AppData\Local\6104f2\c3119e.lnk -> C:\Users\Marie\AppData\Local\6104f2\f95a96.bat (No File)
CMD: type C:\Users\Marie\AppData\Local\6104f2\f95a96.bat 
EmptyTemp:
RemoveProxy:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Shortcut Cleaner

---

How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
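As an added verification example (not part of Jo's instructions, nor output of FRST), the PowerShell below reads the same locations the fixlist above targets and reports anything still present: the WinINet ProxyServer value, the IE policy Restrictions keys, the IE SearchScopes (listed for review, the default one marked), MountPoints2 autorun commands, and the service keys the fixlist removed. It assumes it is run in the affected user's session, so HKCU corresponds to the HKU\S-1-5-21-...-1000 hive named in the fixlist; it only reads the registry and changes nothing.

```powershell
# Post-fix verification, added as an example; not FRST's own output or code.
# Assumes it runs as the affected user, so HKCU maps to the hive the fixlist addresses.
$findings = @()

# 1. WinINet proxy. The fixlist removed ProxyServer = localhost:8080, a local
#    interception proxy that routes all browser traffic through software on the machine.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = (Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue).ProxyServer
if ($proxy) { $findings += "ProxyServer still set: $proxy" }

# 2. IE policy restrictions (FRST flagged both hives with "Restriction <======= ATTENTION").
foreach ($hive in 'HKLM:', 'HKCU:') {
    $pol = "$hive\SOFTWARE\Policies\Microsoft\Internet Explorer"
    if (Test-Path "$pol\Restrictions") {
        $findings += "IE Restrictions policy present: $pol\Restrictions"
    }
}

# 3. Search scopes: informational listing of the default scope and each scope URL,
#    so a hijacked search provider stands out among the legitimate ones.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
    foreach ($s in Get-ChildItem -Path $scopes) {
        $url = (Get-ItemProperty -Path $s.PSPath -ErrorAction SilentlyContinue).URL
        $tag = if ($s.PSChildName -eq $default) { ' (default)' } else { '' }
        $findings += "SearchScope $($s.PSChildName)$tag -> $url"
    }
}

# 4. MountPoints2 autorun commands (the fixlist removed two pointing at E:\iStudio.exe).
#    Each drive/volume subkey may carry shell\AutoRun\command with the command as its default value.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    foreach ($m in Get-ChildItem -Path $mp) {
        $cmdKey = "$($m.PSPath)\shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            $findings += "MountPoints2 autorun $($m.PSChildName) -> $cmd"
        }
    }
}

# 5. Service keys the fixlist removed (orphaned drivers with [X] and the coupon service);
#    a surviving key means that part of the fix did not apply.
foreach ($svc in 'Tosrfcom', 'is3srv', 'szkg5', 'xhunter1', 'CouponPrinterService') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $img = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $findings += "Service key still present: $svc (ImagePath: $img)"
    }
}

if ($findings.Count -eq 0) { 'Nothing found in the checked locations.' } else { $findings }
```

Search-scope lines appear whenever any scope exists and are there to be read, not to be treated as detections; the other four sections only report leftovers.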


#11 Liquidvela

Liquidvela
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 20 September 2016 - 03:33 PM

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2016
Ran by Marie (20-09-2016 15:24:01) Run:1
Running from C:\Users\Marie\Downloads
Loaded Profiles: Marie (Available Profiles: Marie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: E - E:\iStudio.exe
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\...\MountPoints2: {3cc8b10a-bd0c-11e4-92d7-6002925508b4} - E:\iStudio.exe
ProxyServer: [S-1-5-21-357353760-3769071833-2985692640-1000] => localhost:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> DefaultScope {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> 8F78F5667FFF4DCF9F3F55E6C66B0ECD URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US662D20141023&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-357353760-3769071833-2985692640-1000 -> {3A326A70-BEBA-413F-A479-EC9522F0E969} URL = hxxp://www.bing.com/search?FORM=U221DF&PC=U221&q={searchTerms}&src=IE-SearchBox
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
C:\Program Files\Coupons\CouponPrinterService.exe
S3 Tosrfcom; no ImagePath
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\ProgramData\hash.dat
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Shortcut: C:\Users\Marie\AppData\Local\6104f2\c3119e.lnk -> C:\Users\Marie\AppData\Local\6104f2\f95a96.bat (No File)
CMD: type C:\Users\Marie\AppData\Local\6104f2\f95a96.bat
EmptyTemp:
RemoveProxy:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
"HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cc8b10a-bd0c-11e4-92d7-6002925508b4}" => key removed successfully
HKCR\CLSID\{3cc8b10a-bd0c-11e4-92d7-6002925508b4} => key not found.
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\8F78F5667FFF4DCF9F3F55E6C66B0ECD" => key removed successfully
HKCR\CLSID\8F78F5667FFF4DCF9F3F55E6C66B0ECD => key not found.
"HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A326A70-BEBA-413F-A479-EC9522F0E969}" => key removed successfully
HKCR\CLSID\{3A326A70-BEBA-413F-A479-EC9522F0E969} => key not found.
CouponPrinterService => service not found.
"C:\Program Files\Coupons\CouponPrinterService.exe" => not found.
Tosrfcom => service removed successfully
is3srv => service removed successfully
szkg5 => service removed successfully
xhunter1 => service removed successfully
C:\ProgramData\hash.dat => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App\\SystemComponent => value removed successfully
C:\Users\Marie\AppData\Local\6104f2\c3119e.lnk => moved successfully

========= type C:\Users\Marie\AppData\Local\6104f2\f95a96.bat =========

The system cannot find the file specified.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-357353760-3769071833-2985692640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33644488 B
Java, Flash, Steam htmlcache => 483803369 B
Windows/system/drivers => 6711080 B
Edge => 0 B
Chrome => 0 B
Firefox => 374600932 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 13659910 B
Marie => 6821351 B

RecycleBin => 0 B
EmptyTemp: => 884.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:25:12 ====



#12 Liquidvela

Liquidvela
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 21 September 2016 - 11:14 AM

Thank you very much. It seems to be running much much better.



#13 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:18 AM

Posted 21 September 2016 - 11:29 AM

Thanks for the good news!

---

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.

---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Liquidvela

Liquidvela
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 22 September 2016 - 05:15 PM

Rkill:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2016 04:36:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!

  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  ::1 localhost

Program finished at: 09/22/2016 04:40:00 PM
Execution time: 0 hours(s), 3 minute(s), and 51 seconds(s)
 



#15 Liquidvela

Liquidvela
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 22 September 2016 - 05:18 PM

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2016
Scan Time: 4:41 PM
Logfile: Mbytescnlog.txt
Administrator: Yes

 


Version: 2.2.1.1043
Malware Database: v2016.09.22.15
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330583
Time Elapsed: 30 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Liquidvela, 22 September 2016 - 05:20 PM.




