
persisent infection changes Users permission host files * Win32:Aluroot-B [Rtk]


  • This topic is locked
34 replies to this topic

#1 raymj49 (Members, 148 posts)

Posted 05 October 2016 - 10:52 PM

Persistent infection rewrites permissions and hosts files; hidden infection found with aswMBR: File: C:\Windows\system32\csrsrv.dll Win32:Aluroot-B [Rtk]

 

What was done/has happened so far....

 

(the first few steps of removal can be found here > http://www.bleepingcomputer.com/forums/t/627744/can-someone-help-me-clean-sweep-my-computer-please/page-2 )

 

Not much besides adware was found; however, afterwards I began getting the message "access denied".

 

 

I noticed there were constantly many new user groups, with object permissions being created by someone else, and some small things with networking; the file paths from browser extensions in Firefox, after being normal for months, would change from legit, normal filenames to inserting "lu6of458" as a "user profile".

 

CCleaner

 

Enabled    Type    Name    Version    Publisher    Profile    Browser    Path
No    Extension    Bitdefender Wallet    3.0    BitDefender S.R.L.    default    Firefox 49.0.1    C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
No    Plugin    Silverlight Plug-In    5.1.50709.0     Microsoft Corporation    default    Firefox 49.0.1    c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll
No    Extension    Multi-process staged rollout    1.2        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
No    Extension    Pocket    1.0.4        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
No    Extension    Web Compat    1.0        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
No    Extension    HTTPS Everywhere    5.2.5    EFF Technologists    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\extensions\https-everywhere@eff.org.xpi
No    Plugin    Primetime Content Decryption Module provided by Adobe Systems, Incorporated    17    Adobe Systems Inc    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-eme-adobe\17\eme-adobe.dll
Yes    Plugin    OpenH264 Video Codec    1.6    Mozilla Corporation    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
No    Plugin        1.4.8.903    Google Inc.    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll

 

 

 

I began to be denied access to make "run as admin" changes, and then quickly became increasingly restricted as far as user access just to open programs or make small changes. There were a lot of hosts files in some of the scans we did, and changes to the network.

   

Did a little research (apparently running as an Admin probably helped them make changes in networking). Despite the message "cannot open access control editor, access denied", I managed to inherit back Explorer parent object permissions and started a few steps to regain control of C:/. Here's the help file: file:///C:/Users/User/Desktop/Can't%20open%20access%20control%20editor.%20Access%20is%20denied%20-%20Microsoft%20Community.htm

 

 

Found NetAdapterRepair

 

 

and Tweaking.com Windows Repair; haven't done too much else, didn't want to do harm...

 


 

Felt like there was a persistent hidden trojan or backdoor... worried about keylogging.

 

 

Downloaded a few more rootkit programs before re-running JRT, AdwCleaner and MBAM.

 

 

Rebooted in safe mode, but it had to be with networking to catch this:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-04 13:23:13
-----------------------------
13:23:13.406    OS Version: Windows 6.1.7601 Service Pack 1
13:23:13.406    Number of processors: 2 586 0xF0B
13:23:13.406    ComputerName: USER-PC  UserName: User
13:23:39.692    Initialize success
13:25:47.269    AVAST engine defs: 16100401
13:33:38.749    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:33:38.749    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
13:33:38.952    Disk 0 MBR read successfully
13:33:38.952    Disk 0 MBR scan
13:33:38.952    Disk 0 Windows 7 default MBR code
13:33:38.983    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:33:38.983    Disk 0 default boot code
13:33:38.998    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
13:33:39.014    Disk 0 scanning sectors +312576000
13:33:39.108    Disk 0 scanning C:\Windows\system32\drivers
13:33:45.098    Service scanning
13:34:05.877    Modules scanning
13:34:05.877    Disk 0 trace - called modules:
13:34:05.924    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
13:34:05.924    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
13:34:05.940    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
13:34:06.595    AVAST engine scan C:\Windows
13:34:08.607    AVAST engine scan C:\Windows\system32
13:34:17.546    File: C:\Windows\system32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
13:36:02.722    AVAST engine scan C:\Windows\system32\drivers
13:36:09.601    AVAST engine scan C:\Users\User
13:40:43.662    AVAST engine scan C:\ProgramData
13:42:40.522    Disk 0 statistics 3134865/0/0 @ 4.59 MB/s
13:42:40.522    Scan finished successfully
13:44:48.848    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:44:48.848    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBRlog2.txt"
13:45:56.006    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:45:56.006    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
13:45:56.443    Disk 0 MBR read successfully
13:45:56.443    Disk 0 MBR scan
13:45:56.443    Disk 0 Windows 7 default MBR code
13:45:56.459    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:45:56.459    Disk 0 default boot code
13:45:56.474    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
13:45:56.490    Disk 0 scanning sectors +312576000
13:45:56.646    Disk 0 scanning C:\Windows\system32\drivers
13:46:12.215    Service scanning
13:46:33.243    Modules scanning
13:46:33.243    Disk 0 trace - called modules:
13:46:33.290    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
13:46:33.290    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
13:46:33.290    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
13:46:34.148    AVAST engine scan C:\Users\User
13:51:10.581    Disk 0 statistics 3849947/0/0 @ 3.16 MB/s
13:51:10.581    Scan finished successfully
14:27:15.882    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:27:15.898    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
14:27:16.101    Disk 0 MBR read successfully
14:27:16.101    Disk 0 MBR scan
14:27:16.116    Disk 0 Windows 7 default MBR code
14:27:16.132    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:27:16.132    Disk 0 default boot code
14:27:16.147    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
14:27:16.147    Disk 0 scanning sectors +312576000
14:27:16.272    Disk 0 scanning C:\Windows\system32\drivers
14:27:23.495    Service scanning
14:27:44.274    Modules scanning
14:27:44.274    Disk 0 trace - called modules:
14:27:44.305    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
14:27:44.305    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
14:27:44.305    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
14:27:45.101    AVAST engine scan C:\Users
14:31:18.650    Disk 0 statistics 4541361/0/0 @ 2.82 MB/s
14:31:18.650    Scan finished successfully
01:06:37.746    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
01:06:37.746    The log file has been saved successfully to "C:\Users\User\Desktop\anotherRkt.txt"

 

Ran Rkill and MBR, then aswMBR, but haven't cleaned the infected file, as any topics regarding csrsrv.dll Win32:Aluroot-B [Rtk] said not to change anything without a guide.

 

 

Here's what's being done now:

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

and the FRST Logs below

 

Attached Files




 


#2 raymj49 (Topic Starter, Members, 148 posts)

Posted 05 October 2016 - 11:44 PM

Here's that FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2016
Ran by User (administrator) on USER-PC (05-10-2016 21:11:14)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FDispPos] => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1850008 2016-06-24] (Bitdefender)
HKLM\...\Run: [MCTDUtil] => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2016-10-02] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-10-04] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-04-25]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE (No File)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{1AED7253-C9FE-4157-87BD-EE2B0C22DD06}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{8F63A442-460E-48CB-B09E-2656CA02289B}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{C8A4187E-AC82-4DDB-97DE-F06B80F10149}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-16] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-16] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p546gtjd.default-1475661595842 [2016-10-05]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p546gtjd.default-1475661595842\Extensions\uBlock0@raymondhill.net.xpi [2016-10-05]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff => not found
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2016-06-27]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-06-27] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2016-10-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2344209301-3139434391-2345241000-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://clients.mindbodyonline.com/classic/home?studioid=46312
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-10-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-02]
CHR HKLM\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [84848 2016-08-24] (Bitdefender)
S2 GlassWire; C:\Users\User\Desktop\GlassWire\GWCtlSrv.exe [4366288 2016-08-31] (SecureMix LLC)
S2 GManager; C:\Windows\system32\GManager.exe [226904 2012-08-28] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MCTDesktopSvr; C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
S2 MlPatch; C:\Windows\system32\MlPatch.exe [1648944 2014-08-22] ()
S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [276488 2015-11-06] (Visicom Media Inc.)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [121112 2016-06-16] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1410496 2016-06-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 TAZZEF; C:\Users\User\AppData\Local\Temp\TAZZEF.exe [X]
S3 TMPXBQEMCDCBZ; C:\Users\User\AppData\Local\Temp\TMPXBQEMCDCBZ.exe [X]
S3 UOOBJ; C:\Users\User\AppData\Local\Temp\UOOBJ.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1258376 2016-10-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [696632 2016-10-02] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [105568 2016-06-15] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [83824 2015-12-04] (BitDefender)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [71096 2014-11-13] (O2Micro)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-28] (SecureMix LLC)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [196000 2015-12-16] (BitDefender LLC)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-13] (REALiX™)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) [File not signed]
S0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [245224 2016-06-16] (Bitdefender)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 mctkmd; C:\Windows\system32\drivers\mctkmd.sys [142032 2016-02-03] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr.sys [17024 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\Windows\System32\DRIVERS\MctFlt.sys [19248 2015-03-10] (Windows ® Win 7 DDK provider)
S3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
S3 t5usb; C:\Windows\System32\drivers\t5usb.sys [120072 2016-03-21] (Magic Control Technology Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [458656 2016-03-10] (BitDefender S.R.L.)
S4 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S4 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U3 aswMBR; \??\C:\Users\User\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\User\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 21:05 - 2016-10-05 21:05 - 00000000 ____D C:\RegBackup
2016-10-05 20:48 - 2016-10-05 20:49 - 00023181 _____ C:\Users\User\Desktop\Addition.txt
2016-10-05 20:47 - 2016-10-05 21:11 - 00011928 _____ C:\Users\User\Desktop\FRST.txt
2016-10-05 20:47 - 2016-10-05 20:47 - 01755136 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-10-05 20:30 - 2016-10-05 20:47 - 00000000 ____D C:\FRST
2016-10-05 20:30 - 2016-10-05 20:30 - 00001086 _____ C:\Users\User\Desktop\FRST.exe - Shortcut.lnk
2016-10-05 20:29 - 2016-10-05 20:29 - 01755136 _____ (Farbar) C:\Users\User\Desktop\FRST(1).exe
2016-10-05 20:28 - 2016-10-05 20:28 - 01755136 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-10-05 04:06 - 2016-10-05 04:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\iExplore.exe
2016-10-05 04:00 - 2016-10-05 04:00 - 00000000 ____D C:\Users\User\Desktop\Old Firefox Data
2016-10-05 03:26 - 2016-10-05 03:27 - 00000492 _____ C:\TDSSKiller.3.1.0.11_05.10.2016_03.26.55_log.txt
2016-10-05 01:06 - 2016-10-05 01:06 - 00004678 _____ C:\Users\User\Desktop\anotherRkt.txt
2016-10-05 01:01 - 2016-10-05 01:01 - 00002946 _____ C:\Users\User\Desktop\its a thing of Fox addons.txt
2016-10-04 22:00 - 2016-10-04 22:51 - 00004398 _____ C:\TDSSKiller.3.1.0.11_04.10.2016_22.00.00_log.txt
2016-10-04 21:59 - 2016-10-04 21:59 - 04747704 _____ (AO Kaspersky Lab) C:\Users\User\Desktop\thedumpstinkssuper killer.exe
2016-10-04 21:52 - 2016-10-05 21:07 - 00004226 _____ C:\Windows\ntbtlog.txt
2016-10-04 21:52 - 2016-10-04 21:52 - 00002131 _____ C:\Users\User\Desktop\bookmarkbackups - Shortcut.lnk
2016-10-04 21:06 - 2016-10-04 21:06 - 00051158 _____ C:\Users\User\Desktop\registryPRECUM.txt
2016-10-04 21:05 - 2016-10-04 21:05 - 00000424 _____ C:\Users\User\Desktop\cbackupbackup9.reg
2016-10-04 21:01 - 2016-10-04 21:01 - 00007714 _____ C:\Windows\system32\ccloggies.txt
2016-10-04 17:47 - 2016-10-04 17:47 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-04 17:47 - 2016-10-04 17:47 - 00001109 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-10-04 15:11 - 2016-10-04 15:11 - 00001397 _____ C:\Users\User\Desktop\Logitech® Unifying Receiver - Shortcut.lnk
2016-10-04 13:44 - 2016-10-04 13:44 - 00002076 _____ C:\Users\User\Desktop\aswMBRlog2.txt
2016-10-04 12:53 - 2016-10-04 12:53 - 00010254 _____ C:\Users\User\Desktop\Tweaking.com - Windows Repair - Found Reparse Points.txt
2016-10-04 12:29 - 2016-10-04 12:40 - 00002121 _____ C:\Users\User\Desktop\Tweaking.com - Windows Repair.lnk
2016-10-04 12:29 - 2016-10-04 12:37 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-10-04 12:29 - 2016-10-04 12:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-10-04 12:29 - 2016-10-04 12:29 - 00000000 ____D C:\Program Files\Tweaking.com
2016-10-04 12:20 - 2016-10-04 20:52 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-10-04 11:20 - 2016-10-04 11:24 - 00205294 _____ C:\TDSSKiller.3.1.0.11_04.10.2016_11.20.20_log.txt
2016-10-04 11:17 - 2016-10-04 11:19 - 00006714 _____ C:\TDSSKiller.3.1.0.11_04.10.2016_11.17.35_log.txt
2016-10-04 07:05 - 2016-10-04 07:05 - 00016633 _____ C:\Users\User\AppData\LocalLow\wbk9D8A.tmp
2016-10-04 05:11 - 2016-10-04 05:11 - 00014034 _____ C:\Users\User\Documents\startupgoogupdatetaskmachinecore.txt
2016-10-04 04:54 - 2016-10-04 04:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-10-04 04:48 - 2016-10-04 05:16 - 00623876 _____ C:\TDSSKiller.3.1.0.11_04.10.2016_04.48.22_log.txt
2016-10-04 04:39 - 2016-10-04 04:40 - 19550208 _____ C:\Windows\system32\PNWCAIQZRVB
2016-10-04 03:50 - 2016-10-04 03:50 - 00000000 ____D C:\SUPERDelete
2016-10-04 03:12 - 2016-10-04 03:20 - 00000000 ____D C:\ProgramData\Heimdal Security
2016-10-04 03:00 - 2016-10-04 03:00 - 00000189 _____ C:\Users\User\Desktop\RootRepeal_crash_100416.030002.txt
2016-10-04 03:00 - 2016-10-04 03:00 - 00000189 _____ C:\Users\User\Desktop\RootRepeal_crash_100416.030001.txt
2016-10-04 02:59 - 2016-10-04 02:59 - 00000188 _____ C:\Users\User\Desktop\RootRepeal_crash_100416.025959.txt
2016-10-04 02:55 - 2016-10-04 02:55 - 00000000 ____D C:\Users\User\AppData\Local\Zemana
2016-10-04 02:54 - 2016-10-04 08:32 - 00000000 ____D C:\Program Files\Heimdal
2016-10-04 02:54 - 2016-10-04 03:00 - 00000000 ____D C:\Users\User\Desktop\RootRepeal
2016-10-04 02:54 - 2016-10-04 02:54 - 00000000 ____D C:\ProgramData\CSIS
2016-10-04 02:53 - 2016-10-04 02:59 - 00000000 ____D C:\Users\User\Desktop\RootkitRevealer
2016-10-04 02:46 - 2016-10-04 02:46 - 29164488 _____ (Tweaking.com) C:\Users\User\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-10-04 02:46 - 2016-10-04 02:46 - 00000194 _____ C:\Users\User\Desktop\hosts-perm.bat
2016-10-04 02:45 - 2016-10-04 02:46 - 33624128 _____ (Adlice Software ) C:\Users\User\Desktop\setuproguwekillwe.exe
2016-10-04 02:39 - 2016-10-04 02:39 - 04177016 _____ (CSIS Security Group) C:\Users\User\Desktop\HeimdalSetup.exe
2016-10-04 02:33 - 2016-10-04 02:33 - 02915320 _____ (Google) C:\Users\User\Desktop\chrome_cleanup_tool.exe
2016-10-04 02:31 - 2016-10-04 02:31 - 00231390 _____ C:\Users\User\Desktop\RootkitRevealer.zip
2016-10-04 02:30 - 2016-10-04 02:57 - 00598505 _____ C:\Users\User\Desktop\RootRepeal.zip
2016-10-04 02:26 - 2016-10-04 02:26 - 05361224 _____ ( ) C:\Users\User\Desktop\Zemana.AntiMalware.Setup.exe
2016-10-04 01:40 - 2016-10-04 01:40 - 00001530 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-10-04 01:40 - 2016-10-04 01:40 - 00001530 _____ C:\ProgramData\Desktop\GlassWire.lnk
2016-10-04 01:40 - 2016-10-04 01:40 - 00000000 ____D C:\Users\User\Desktop\GlassWire
2016-10-04 01:40 - 2016-10-04 01:40 - 00000000 ____D C:\Users\User\AppData\Local\GlassWire
2016-10-04 01:40 - 2016-10-04 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-10-04 01:40 - 2016-10-04 01:40 - 00000000 ____D C:\ProgramData\GlassWire
2016-10-04 01:40 - 2015-05-28 22:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-10-04 01:40 - 2015-05-28 22:15 - 00027568 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-10-03 23:30 - 2016-10-04 01:39 - 00009061 _____ C:\Users\User\Desktop\netad 2016-10-03-23-30-21.txt
2016-10-03 23:28 - 2016-10-03 23:37 - 00215164 _____ C:\TDSSKiller.3.1.0.11_03.10.2016_23.28.25_log.txt
2016-10-03 23:08 - 2016-10-03 23:08 - 00205072 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-10-03 23:02 - 2016-10-03 23:03 - 00000312 _____ C:\Users\User\Desktop\netadapter-log-2016-10-03-23-02-11.txt
2016-10-03 23:01 - 2016-10-03 23:01 - 00000312 _____ C:\Users\User\Desktop\netadapter-log-2016-10-03-23-01-05.txt
2016-10-03 22:39 - 2016-10-03 22:39 - 00001060 _____ C:\mbamreplu6.txt
2016-10-03 22:28 - 2016-10-03 22:28 - 00002556 _____ C:\Users\User\Desktop\aswMBR2.txt
2016-10-03 05:15 - 2016-10-03 05:25 - 00453679 _____ C:\Users\User\Desktop\netadapter-log-2016-10-03-5-15-34.txt
2016-10-03 05:00 - 2016-10-03 22:31 - 00001358 _____ C:\Users\User\Desktop\FixExec.txt
2016-10-03 04:37 - 2016-10-03 04:37 - 00000000 ____D C:\Rem-VBSqt
2016-10-03 04:23 - 2016-10-03 04:23 - 00000812 _____ C:\Users\User\Desktop\PABDALOG.txt
2016-10-03 04:11 - 2016-10-03 04:11 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-10-03 04:10 - 2016-10-03 04:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Search The Web
2016-10-03 02:41 - 2016-10-03 02:41 - 00004107 _____ C:\Users\User\Desktop\aswMBR.txt
2016-10-03 02:00 - 2016-10-03 02:00 - 00000062 _____ C:\Users\User\AppData\Roaming\settings.ini
2016-10-03 01:39 - 2016-10-03 01:43 - 00200658 _____ C:\TDSSKiller.3.1.0.11_03.10.2016_01.39.44_log.txt
2016-10-03 01:38 - 2016-10-05 01:06 - 00000512 _____ C:\Users\User\Desktop\MBR.dat
2016-10-03 01:38 - 2016-10-03 04:57 - 00008436 _____ C:\Users\User\Desktop\aswMBRlog.txt
2016-10-03 01:00 - 2016-10-03 01:01 - 00200632 _____ C:\TDSSKiller.3.1.0.11_03.10.2016_01.00.00_log.txt
2016-10-03 00:36 - 2016-10-03 05:12 - 00000000 ____D C:\Users\User\Desktop\TMRBLog
2016-10-03 00:36 - 2016-10-03 05:11 - 00131344 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2016-10-03 00:36 - 2016-10-03 00:36 - 00000000 ____D C:\Users\User\Desktop\log
2016-10-03 00:34 - 2016-10-03 00:34 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\FixExecfilefixer.exe
2016-10-03 00:31 - 2016-10-03 00:33 - 67688096 _____ (Panda Security, S.L.) C:\Users\User\Desktop\FREEAVpanda.exe
2016-10-03 00:26 - 2016-10-03 00:27 - 153986576 _____ (Sophos Limited) C:\Users\User\Desktop\Sophos Virus Removal Tool.exe
2016-10-03 00:26 - 2016-10-03 00:26 - 08656400 _____ (Trend Micro Inc.) C:\Users\User\Desktop\iexplorer.exe.exe
2016-10-03 00:24 - 2016-10-03 00:24 - 05198336 _____ (AVAST Software) C:\Users\User\Desktop\aswMBRantiroot.exe
2016-10-03 00:22 - 2016-10-03 00:22 - 02091520 _____ (Conner Bernhard) C:\Users\User\Desktop\NetAdapterRepair1.2.exe
2016-10-03 00:21 - 2016-10-03 00:21 - 30562448 _____ (SecureMix LLC) C:\Users\User\Desktop\GlassWireSetup.exe
2016-10-03 00:20 - 2016-10-04 02:41 - 09096848 _____ (SurfRight B.V.) C:\Users\User\Desktop\HitmanPro.exe
2016-10-02 23:55 - 2016-10-02 23:55 - 27777336 _____ (SUPERAntiSpyware) C:\Users\User\Desktop\SUPERAntiSpyware.exe
2016-10-02 23:49 - 2016-10-02 23:50 - 03861056 _____ C:\Users\User\Desktop\AdwCleaner.exe
2016-10-02 23:44 - 2016-10-02 23:44 - 02351741 _____ (SingularLabs ) C:\Users\User\Desktop\ninja-setup-3.1.5.exe
2016-10-02 23:43 - 2016-10-02 23:43 - 00543000 _____ (www.privacyroot.com) C:\Users\User\Desktop\setup_wipe.exe
2016-10-02 23:36 - 2016-10-02 23:37 - 00243560 _____ C:\Users\User\Downloads\Firefox Setup Stub 49.0.1.exe
2016-10-02 23:31 - 2016-10-02 23:31 - 00002521 _____ C:\Users\User\Desktop\JRT2.txt
2016-10-02 22:50 - 2016-10-02 22:50 - 00000308 ____H C:\bdr-cf04
2016-10-02 22:49 - 2016-10-03 22:39 - 00002189 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-10-02 22:49 - 2016-10-03 22:39 - 00002189 _____ C:\ProgramData\Desktop\Bitdefender 2016.lnk
2016-10-02 22:49 - 2016-10-02 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-10-02 22:48 - 2016-10-02 23:51 - 01258376 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-10-02 22:48 - 2016-10-02 23:51 - 00696632 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-10-02 22:48 - 2016-06-16 16:45 - 00245224 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-10-02 22:48 - 2015-12-04 19:27 - 00083824 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-10-02 22:47 - 2016-10-02 22:50 - 00253404 ____H C:\bdr-ld04
2016-10-02 22:47 - 2016-10-02 22:50 - 00009216 ____H C:\bdr-ld04.mbr
2016-10-02 22:47 - 2015-12-15 21:35 - 39692613 ____H C:\bdr-im04.gz
2016-10-02 22:47 - 2012-08-15 15:28 - 02294848 ____H C:\bdr-bz04
2016-10-02 22:46 - 2016-03-10 07:41 - 00458656 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-10-02 22:46 - 2015-12-16 05:53 - 00196000 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-10-02 22:39 - 2016-10-02 22:46 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-10-02 12:34 - 2016-10-02 12:34 - 00114176 _____ (bartblaze) C:\Users\User\Desktop\wordwrm.exe
2016-10-02 12:09 - 2016-10-02 12:09 - 00448512 _____ (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2016-10-02 09:37 - 2016-10-02 09:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender
2016-10-02 09:37 - 2016-10-02 09:37 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2016-10-02 09:28 - 2016-10-02 09:28 - 09052608 _____ C:\Users\User\Desktop\bitdefender_windows_acfa4771-a7b1-4ad4-a72c-9708fbbe1c04.exe
2016-10-02 09:25 - 2016-10-02 09:25 - 09052608 _____ C:\Users\User\Desktop\bitdefender_windows_8f5ffbb9-eac6-4e0d-8f33-ade602376aa9.exe
2016-10-02 05:20 - 2016-10-02 05:20 - 00000000 ____D C:\Windows\CheckSur
2016-10-01 19:07 - 2016-10-01 19:07 - 00000000 _____ C:\Users\User\sfcdetails.txt
2016-10-01 17:45 - 2016-10-01 17:45 - 01118208 _____ C:\Users\User\Desktop\Events viewer files.evtx
2016-10-01 17:45 - 2016-10-01 17:45 - 00000000 ____D C:\Users\User\Desktop\LocaleMetaData
2016-10-01 12:34 - 2016-10-04 03:28 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2016-10-01 11:52 - 2016-10-01 17:53 - 00000000 ____D C:\Users\User\Desktop\Can't open access control editor. Access is denied - Microsoft Community_files
2016-10-01 11:52 - 2016-10-01 11:52 - 00112568 _____ C:\Users\User\Desktop\Can't open access control editor. Access is denied - Microsoft Community.htm
2016-10-01 05:02 - 2016-10-01 05:02 - 00044610 _____ C:\Users\User\Desktop\services.mscPREsearchindexer.txt
2016-09-28 20:41 - 2016-09-28 20:41 - 00005778 _____ C:\Users\User\Desktop\firefoxpluginsstartup.txt
2016-09-28 20:40 - 2016-09-28 20:40 - 00003586 _____ C:\Users\User\Desktop\startup.chromeplugins.txt
2016-09-28 07:00 - 2016-10-05 20:49 - 00003448 _____ C:\Users\User\Desktop\Rkill.txt
2016-09-27 00:53 - 2016-10-05 21:07 - 00000000 ____D C:\Users\User\Desktop\mbar
2016-09-27 00:52 - 2016-09-27 00:52 - 00001061 _____ C:\Users\User\Desktop\mbammmm.txt
2016-09-26 20:58 - 2016-09-26 21:03 - 00026998 _____ C:\Users\User\Desktop\MTB.txt
2016-09-26 20:56 - 2016-10-05 04:19 - 00003788 _____ C:\Users\User\Desktop\FSS.txt
2016-09-26 19:48 - 2016-09-26 19:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2016-09-26 19:47 - 2016-09-26 19:47 - 00892416 _____ (Farbar) C:\Users\User\Desktop\MiniToolBox.exe
2016-09-26 19:46 - 2016-09-26 19:46 - 00899584 _____ (Farbar) C:\Users\User\Desktop\FSS.exe
2016-09-26 19:46 - 2016-09-26 19:46 - 00852798 _____ C:\Users\User\Desktop\SecurityCheck.exe
2016-09-26 10:30 - 2016-09-26 10:31 - 00000000 ____D C:\Users\User\Desktop\sd card removable
2016-09-26 10:24 - 2016-09-26 10:24 - 00000000 ____D C:\Users\User\Documents\sd card removable
2016-09-26 10:19 - 2016-09-26 10:19 - 00000000 ____D C:\Users\User\Downloads\DCIM
2016-09-26 10:18 - 2016-10-03 22:38 - 00000636 _____ C:\Users\User\Desktop\EEK - Shortcut.lnk
2016-09-24 01:28 - 2016-09-24 01:28 - 00000605 _____ C:\Users\User\Desktop\my-ublock-dynamic-rules_9_24_2016,_1_27_58_AM.txt
2016-09-24 01:24 - 2016-09-24 01:24 - 00000605 _____ C:\Users\User\Desktop\my-ublock-dynamic-rules_9_24_2016,_1_24_10_AM.txt
2016-09-24 00:50 - 2016-09-24 00:50 - 03861056 _____ C:\Users\User\Desktop\adwcleaner_6.020.exe
2016-09-20 13:27 - 2016-08-05 09:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-13 17:26 - 2016-09-01 12:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-13 17:26 - 2016-08-31 21:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-13 17:26 - 2016-08-31 21:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-13 17:26 - 2016-08-31 21:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-13 17:26 - 2016-08-31 20:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-13 17:26 - 2016-08-31 20:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-13 17:26 - 2016-08-31 20:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-13 17:26 - 2016-08-31 20:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-13 17:26 - 2016-08-31 20:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-13 17:26 - 2016-08-31 20:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-13 17:26 - 2016-08-31 20:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-13 17:26 - 2016-08-31 20:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-13 17:26 - 2016-08-31 20:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-13 17:26 - 2016-08-31 20:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-13 17:26 - 2016-08-31 20:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-13 17:26 - 2016-08-31 20:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-13 17:26 - 2016-08-31 20:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-13 17:26 - 2016-08-31 20:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-13 17:26 - 2016-08-31 20:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-13 17:26 - 2016-08-31 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-13 17:26 - 2016-08-31 19:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-13 17:26 - 2016-08-31 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-13 17:26 - 2016-08-31 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-13 17:26 - 2016-08-31 19:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-13 17:26 - 2016-08-31 19:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-13 17:26 - 2016-08-31 19:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-13 17:26 - 2016-08-31 19:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-13 17:26 - 2016-08-31 19:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-13 17:26 - 2016-08-31 19:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-13 17:26 - 2016-08-31 19:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-13 17:26 - 2016-08-31 19:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-13 17:26 - 2016-08-31 19:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-13 17:26 - 2016-08-31 18:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-13 17:26 - 2016-08-31 18:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-13 17:26 - 2016-08-31 18:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-13 17:25 - 2016-09-02 09:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-13 17:25 - 2016-09-02 09:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-13 17:25 - 2016-09-02 09:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-13 17:25 - 2016-09-02 09:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 17:25 - 2016-09-02 09:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-13 17:25 - 2016-09-02 09:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-13 17:25 - 2016-09-02 08:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-13 17:25 - 2016-09-02 08:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-13 17:25 - 2016-09-02 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-13 17:25 - 2016-09-02 08:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-13 17:25 - 2016-09-02 08:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-13 17:25 - 2016-09-02 08:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-13 17:25 - 2016-09-02 08:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 17:25 - 2016-09-02 08:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 17:25 - 2016-09-02 08:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 17:25 - 2016-09-02 08:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-13 17:25 - 2016-09-02 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-13 17:25 - 2016-09-02 08:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-13 17:25 - 2016-09-02 08:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-13 17:25 - 2016-08-15 20:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 17:25 - 2016-08-15 20:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-13 17:25 - 2016-08-12 10:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 17:25 - 2016-08-12 10:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 17:25 - 2016-08-12 10:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 17:25 - 2016-08-06 09:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-13 17:25 - 2016-07-07 09:20 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-13 17:25 - 2016-07-07 09:20 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-13 17:25 - 2016-07-07 09:20 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-13 17:25 - 2016-07-07 08:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-13 17:25 - 2016-07-01 09:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-13 17:25 - 2016-07-01 09:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-10 21:25 - 2016-09-10 21:25 - 03826240 _____ C:\Users\User\Desktop\adw.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 21:07 - 2016-04-15 03:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-05 20:49 - 2016-07-22 17:51 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-05 16:06 - 2015-11-03 14:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-05 03:17 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-10-05 03:12 - 2016-01-23 16:38 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-10-04 21:52 - 2016-07-22 17:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-04 20:52 - 2015-01-08 22:43 - 00000000 ____D C:\Windows\Minidump
2016-10-04 16:16 - 2015-06-02 21:14 - 00000000 ____D C:\ProgramData\Sophos
2016-10-04 14:24 - 2016-05-12 05:15 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-04 13:42 - 2015-05-13 20:43 - 00000000 ____D C:\Users\User\Downloads\SysinternalsSuite
2016-10-04 12:24 - 2016-05-13 18:53 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-04 11:42 - 2014-03-28 08:35 - 00058408 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 11:28 - 2009-07-13 22:34 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-04 11:28 - 2009-07-13 22:34 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-04 11:13 - 2015-06-10 03:38 - 00002853 _____ C:\Windows\system32\GManager.ini
2016-10-04 11:12 - 2016-04-20 21:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-04 11:12 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 11:11 - 2016-07-26 19:56 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-10-04 11:11 - 2014-11-13 13:49 - 00121602 _____ C:\bdlog.txt
2016-10-04 08:03 - 2015-05-01 20:08 - 00000000 ____D C:\Windows\pss
2016-10-04 04:41 - 2015-05-10 09:30 - 00000000 ____D C:\Program Files\Panda Security
2016-10-04 04:41 - 2009-07-13 22:33 - 00269104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-04 03:37 - 2016-08-30 07:11 - 00000000 ____D C:\Users\User\AppData\LocalLow\LastPass
2016-10-04 03:36 - 2016-05-12 05:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Panda Security
2016-10-04 03:15 - 2016-07-22 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-10-04 02:54 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\User\Desktop\RootRepeal.exe
2016-10-04 02:53 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\RootkitRevealer.exe
2016-10-03 23:26 - 2016-07-22 20:15 - 00000000 ____D C:\AdwCleaner
2016-10-03 23:01 - 2016-07-22 22:58 - 00001110 _____ C:\Users\User\Desktop\JRT.txt
2016-10-03 22:39 - 2016-07-22 17:55 - 00000963 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-03 22:39 - 2016-07-22 17:55 - 00000963 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-10-03 22:39 - 2016-06-05 20:37 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-03 22:39 - 2016-06-05 20:37 - 00002679 _____ C:\ProgramData\Desktop\Skype.lnk
2016-10-03 22:39 - 2016-05-16 12:41 - 00001861 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-10-03 22:39 - 2016-05-16 12:41 - 00001861 _____ C:\ProgramData\Desktop\Defraggler.lnk
2016-10-03 22:39 - 2016-04-22 06:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-03 22:39 - 2016-04-22 06:34 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-10-03 22:39 - 2016-04-22 06:34 - 00002011 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2016-10-03 22:39 - 2016-04-20 21:20 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-10-03 22:39 - 2015-06-02 20:05 - 00000935 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-10-03 22:39 - 2015-06-02 20:05 - 00000935 _____ C:\ProgramData\Desktop\Speccy.lnk
2016-10-03 22:39 - 2015-03-03 17:30 - 00002039 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 5.0.lnk
2016-10-03 22:39 - 2015-03-03 17:30 - 00002039 _____ C:\ProgramData\Desktop\Canon MP Navigator EX 5.0.lnk
2016-10-03 22:39 - 2009-07-13 22:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-10-03 22:39 - 2009-07-13 22:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-10-03 22:38 - 2015-05-25 18:37 - 00001135 _____ C:\Users\User\Desktop\USB Composite Device - Shortcut.lnk
2016-10-03 22:38 - 2015-01-12 15:59 - 00001218 _____ C:\Users\User\Desktop\CCE - Shortcut.lnk
2016-10-03 22:38 - 2009-07-13 22:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-10-03 22:38 - 2009-07-13 22:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-10-03 03:48 - 2015-01-12 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-02 23:51 - 2015-06-02 14:27 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-02 22:46 - 2016-06-13 20:32 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-02 22:29 - 2015-06-28 00:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2016-10-02 22:29 - 2014-06-18 18:29 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-10-02 22:27 - 2014-06-18 18:29 - 00000000 ____D C:\Program Files\Google
2016-10-02 22:21 - 2015-12-12 17:33 - 00005510 _____ C:\Users\User\Documents\startup.txt
2016-10-02 05:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2016-10-02 01:34 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\TAPI
2016-10-02 01:34 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system
2016-10-02 01:33 - 2016-07-22 23:00 - 00000000 ____D C:\Windows\EOONotify
2016-10-02 01:33 - 2015-06-04 15:54 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-02 01:33 - 2015-06-04 15:54 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-02 01:33 - 2015-03-29 18:47 - 00000000 ___SD C:\Windows\system32\GWX
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Defender
2016-10-02 01:33 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\DVD Maker
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\Media
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\Setup
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\ras
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\oobe
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\Msdtc
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\migwiz
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\manifeststore
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\lv-LV
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\lt-LT
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\icsxml
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\ias
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\et-EE
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\com
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\servicing
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\L2Schemas
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\IME
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Cursors
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-10-02 01:33 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\Services
2016-10-02 01:26 - 2015-01-29 02:26 - 00000000 ____D C:\Windows\system32\Lang
2016-10-02 01:26 - 2014-11-10 20:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-02 01:26 - 2011-04-11 20:16 - 00000000 ____D C:\Windows\system32\winrm
2016-10-02 01:26 - 2011-04-11 20:16 - 00000000 ____D C:\Windows\system32\WCN
2016-10-02 01:26 - 2011-04-11 20:16 - 00000000 ____D C:\Windows\system32\slmgr
2016-10-02 01:26 - 2011-04-11 20:16 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-10-02 01:26 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\spool
2016-10-02 01:26 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\SMI
2016-10-02 01:26 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\MUI
2016-10-02 01:26 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\IME
2016-10-02 01:25 - 2014-11-20 15:45 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2016-10-02 01:25 - 2009-07-13 22:34 - 00000000 ____D C:\Windows\Setup
2016-10-02 01:24 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\Performance
2016-10-02 01:24 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\security
2016-10-02 01:24 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\schemas
2016-10-02 01:24 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Resources
2016-10-02 01:24 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\PLA
2016-10-02 01:23 - 2016-07-23 00:27 - 00000000 ____D C:\ProgramData\Ashampoo
2016-10-02 01:23 - 2016-07-22 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-02 01:23 - 2016-07-22 17:55 - 00000000 ____D C:\Program Files\CCleaner
2016-10-02 01:23 - 2016-07-22 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-02 01:23 - 2016-07-22 17:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-02 01:23 - 2016-07-14 06:48 - 00000000 ____D C:\Users\User\AppData\Roaming\DivX
2016-10-02 01:23 - 2016-06-14 15:32 - 00000000 ____D C:\Users\User\Desktop\Paystubs for Mathew Kenyon_files
2016-10-02 01:23 - 2016-06-14 10:14 - 00000000 ____D C:\Users\User\Desktop\BankSearch Results_files
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ___RD C:\Program Files\Skype
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-02 01:23 - 2016-05-16 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-10-02 01:23 - 2016-05-16 12:41 - 00000000 ____D C:\Program Files\Defraggler
2016-10-02 01:23 - 2016-04-19 07:35 - 00000000 ____D C:\Windows\ERUNT
2016-10-02 01:23 - 2016-03-15 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-02 01:23 - 2016-03-15 11:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-02 01:23 - 2016-03-06 00:04 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-02 01:23 - 2016-03-06 00:02 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-02 01:23 - 2015-06-10 03:49 - 00000000 ____D C:\Users\User\Desktop\j5UsbDisplayAdapter-v15.01.0128.3179-win
2016-10-02 01:23 - 2015-06-10 03:49 - 00000000 ____D C:\Program Files\MCT Corp
2016-10-02 01:23 - 2015-06-02 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-10-02 01:23 - 2015-06-02 20:04 - 00000000 ____D C:\Program Files\Speccy
2016-10-02 01:23 - 2015-05-25 19:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-10-02 01:23 - 2015-05-25 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-10-02 01:23 - 2015-05-25 18:33 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-02 01:23 - 2015-05-20 14:48 - 00000000 ____D C:\Program Files\Common Files\DesktopUtil
2016-10-02 01:23 - 2015-05-02 07:50 - 00000000 ____D C:\Users\User\Downloads\Autoruns
2016-10-02 01:23 - 2015-04-25 19:32 - 00000000 ____D C:\Windows\ERDNT
2016-10-02 01:23 - 2015-04-21 05:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-02 01:23 - 2015-04-21 05:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-10-02 01:23 - 2015-03-03 17:34 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-10-02 01:23 - 2015-03-03 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-10-02 01:23 - 2015-03-03 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
2016-10-02 01:23 - 2015-03-03 17:09 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2016-10-02 01:23 - 2015-02-28 17:04 - 00000000 ____D C:\Users\User\Downloads\font_in_a_red_suit
2016-10-02 01:23 - 2015-02-24 21:40 - 00000000 ____D C:\Users\User\Downloads\redsuitfont
2016-10-02 01:23 - 2015-02-13 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-02 01:23 - 2015-01-29 02:24 - 00000000 ____D C:\Users\User\AppData\Local\Intel
2016-10-02 01:23 - 2015-01-28 20:36 - 00000000 ____D C:\Program Files\Common Files\MCTWDDM
2016-10-02 01:23 - 2015-01-12 17:22 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2016-10-02 01:23 - 2015-01-12 17:22 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2016-10-02 01:23 - 2015-01-12 15:55 - 00000000 ____D C:\Users\User\Desktop\Data
2016-10-02 01:23 - 2014-12-27 23:13 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-10-02 01:23 - 2014-11-28 14:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-02 01:23 - 2014-11-19 07:04 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-10-02 01:23 - 2014-11-09 16:21 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2016-10-02 01:23 - 2014-06-18 18:28 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2016-10-02 01:23 - 2014-06-18 18:18 - 00000000 ____D C:\Program Files\AuthenTec
2016-10-02 01:23 - 2014-06-18 18:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-02 01:23 - 2014-03-28 02:50 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\MSBuild
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Globalization
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Branding
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Windows NT
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-02 01:22 - 2016-07-23 02:50 - 00000000 ____D C:\Users\Public\Documents\Ashampoo
2016-10-02 01:22 - 2016-07-23 02:50 - 00000000 ____D C:\ProgramData\Documents\Ashampoo
2016-10-02 01:22 - 2015-02-13 17:18 - 00000000 ____D C:\Program Files\AbiWord
2016-10-02 01:22 - 2015-01-12 21:16 - 00000000 ____D C:\EEK
2016-10-02 01:22 - 2014-03-28 08:37 - 00000000 ____D C:\Fuzion
2016-10-02 01:18 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2016-10-02 00:56 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Web
2016-10-02 00:56 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Vss
2016-10-02 00:42 - 2009-07-13 22:34 - 00000000 ____D C:\Windows\ServiceProfiles
2016-10-02 00:36 - 2015-03-28 16:22 - 00000000 ____D C:\Users\User\AppData\LocalLow\Sun
2016-10-02 00:36 - 2015-03-03 17:09 - 00000000 ____D C:\Users\User\Documents\Fax
2016-10-02 00:36 - 2015-01-29 02:26 - 00000000 ____D C:\Users\User\Downloads\Intel Components
2016-10-02 00:36 - 2015-01-12 04:32 - 00000000 ____D C:\Users\User\Downloads\cce_2.5.242177.201_x32
2016-10-02 00:36 - 2014-11-20 17:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Canon
2016-10-02 00:36 - 2014-11-17 13:51 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenOffice
2016-10-02 00:36 - 2014-03-28 04:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-10-02 00:35 - 2016-07-14 06:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-02 00:35 - 2015-05-19 10:02 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-10-02 00:34 - 2016-04-20 21:20 - 00000000 ____D C:\Program Files\Secunia
2016-10-02 00:34 - 2016-04-18 16:17 - 00000000 ____D C:\Program Files\Sophos
2016-10-02 00:34 - 2015-01-12 21:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-02 00:34 - 2014-11-28 13:59 - 00000000 ____D C:\ProgramData\Adobe
2016-10-02 00:34 - 2014-11-20 15:45 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-10-02 00:33 - 2016-07-23 17:03 - 00000000 ____D C:\Program Files\ESET
2016-10-02 00:33 - 2015-06-10 03:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-02 00:32 - 2015-06-23 20:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-02 00:32 - 2015-03-03 17:30 - 00000000 ____D C:\Program Files\Canon
2016-10-02 00:32 - 2014-11-20 15:44 - 00000000 ___HD C:\Program Files\CanonBJ
2016-10-02 00:31 - 2015-06-18 06:53 - 00000000 ____D C:\Program Files\Adobe
2016-10-02 00:31 - 2014-03-28 02:50 - 00000000 ____D C:\Dell
2016-10-01 21:06 - 2016-07-23 00:27 - 00000000 ____D C:\Program Files\Ashampoo
2016-10-01 20:08 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\inetsrv
2016-10-01 04:14 - 2015-05-02 08:01 - 00007617 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-09-28 21:40 - 2014-12-09 10:10 - 00000000 ____D C:\Users\User\AppData\Temp
2016-09-26 19:48 - 2016-04-12 11:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.09.3.1001.exe
2016-09-14 10:05 - 2010-11-20 15:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-14 09:59 - 2015-11-15 17:22 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-14 05:40 - 2014-03-28 03:35 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 05:12 - 2014-03-28 03:35 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 02:02 - 2014-11-10 20:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-14 02:02 - 2014-11-10 20:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-10-03 02:00 - 2016-10-03 02:00 - 0000062 _____ () C:\Users\User\AppData\Roaming\settings.ini
2015-05-02 08:01 - 2016-10-01 04:14 - 0007617 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\settings.ini


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 08:28

==================== End of FRST.txt ============================



#3 raymj49 (Topic Starter, Members, 148 posts)

Posted 09 October 2016 - 03:01 PM

I'm sorry, I didn't see the message right away. I replied to my own topic; I'll try to contact boopme and broni.


Edited by raymj49, 09 October 2016 - 03:05 PM.


#4 HelpBot (Bleepin' Binary Bot, Bots, 12,703 posts)

Posted 10 October 2016 - 10:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/628713 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 raymj49 (Topic Starter, Members, 148 posts)

Posted 12 October 2016 - 01:38 AM

Hello helpbot :)

CREATING COBIAN BACKUP

Have a Tweaking.com Windows Repair backup also.

Find new FRST scans at bottom.

What's going on:

Persistent infection rewrites permissions and hosts files; hidden infection found with aswMBR. File: C:\Windows\system32\csrsrv.dll Win32:Aluroot-B [Rtk]

What was done/has happened so far....

(the first few steps of removal can be found here > http://www.bleepingcomputer.com/forums/t/627744/can-someone-help-me-clean-sweep-my-computer-please/page-2 )

Not much besides adware was found; however, afterwards I began getting the message "access denied".

I noticed there were constantly many new user groups, with object permissions being created by someone else, just some small things with networking; the file paths from browser extensions in Firefox, after being normal for months, would change from legit, normal filenames to inserting "lu6of458" as a "user profile", as follows:

CCleaner addons tool

No    Extension    Bitdefender Wallet    3.0    BitDefender S.R.L.    default    Firefox 49.0.1    C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
No    Plugin    Silverlight Plug-In    5.1.50709.0     Microsoft Corporation    default    Firefox 49.0.1    c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll
No    Extension    Multi-process staged rollout    1.2        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
No    Extension    Pocket    1.0.4        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
No    Extension    Web Compat    1.0        default    Firefox 49.0.1    C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
No    Extension    HTTPS Everywhere    5.2.5    EFF Technologists    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\extensions\https-everywhere@eff.org.xpi
No    Plugin    Primetime Content Decryption Module provided by Adobe Systems, Incorporated    17    Adobe Systems Inc    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-eme-adobe\17\eme-adobe.dll
Yes    Plugin    OpenH264 Video Codec    1.6    Mozilla Corporation    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
No    Plugin        1.4.8.903    Google Inc.    default    Firefox 49.0.1    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lu6of458.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll

 

 

 

I began to be denied access to make "run as admin" changes, and then quickly became increasingly restricted as far as user access just to open programs or make small changes. There were a lot of hosts files in some of the scans we did, and changes to the network.

Did a little research (apparently running as an Admin probably helped them make changes in networking). Despite the message "cannot open access control editor, access denied", managed to inherit back explorer parent object permissions and started a few steps to regain control of C:\. Here's the help file: file:///C:/Users/User/Desktop/Can't%20open%20access%20control%20editor.%20Access%20is%20denied%20-%20Microsoft%20Community.htm

Found NetAdapterRepair

and Tweaking.com Windows Repair; haven't done too much else, didn't want to do harm...

Felt like there was a persistent hidden trojan or backdoor... worried about keylogging.

Downloaded a few more rootkit programs before re-running JRT, AdwCleaner and MBAM.

Rebooted in safe mode, but had to be with networking to catch this:


aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-04 13:23:13
-----------------------------
13:23:13.406    OS Version: Windows 6.1.7601 Service Pack 1
13:23:13.406    Number of processors: 2 586 0xF0B
13:23:13.406    ComputerName: USER-PC  UserName: User
13:23:39.692    Initialize success
13:25:47.269    AVAST engine defs: 16100401
13:33:38.749    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:33:38.749    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
13:33:38.952    Disk 0 MBR read successfully
13:33:38.952    Disk 0 MBR scan
13:33:38.952    Disk 0 Windows 7 default MBR code
13:33:38.983    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:33:38.983    Disk 0 default boot code
13:33:38.998    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
13:33:39.014    Disk 0 scanning sectors +312576000
13:33:39.108    Disk 0 scanning C:\Windows\system32\drivers
13:33:45.098    Service scanning
13:34:05.877    Modules scanning
13:34:05.877    Disk 0 trace - called modules:
13:34:05.924    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
13:34:05.924    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
13:34:05.940    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
13:34:06.595    AVAST engine scan C:\Windows
13:34:08.607    AVAST engine scan C:\Windows\system32
13:34:17.546    File: C:\Windows\system32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
13:36:02.722    AVAST engine scan C:\Windows\system32\drivers
13:36:09.601    AVAST engine scan C:\Users\User
13:40:43.662    AVAST engine scan C:\ProgramData
13:42:40.522    Disk 0 statistics 3134865/0/0 @ 4.59 MB/s
13:42:40.522    Scan finished successfully
13:44:48.848    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
13:44:48.848    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBRlog2.txt"
13:45:56.006    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:45:56.006    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
13:45:56.443    Disk 0 MBR read successfully
13:45:56.443    Disk 0 MBR scan
13:45:56.443    Disk 0 Windows 7 default MBR code
13:45:56.459    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:45:56.459    Disk 0 default boot code
13:45:56.474    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
13:45:56.490    Disk 0 scanning sectors +312576000
13:45:56.646    Disk 0 scanning C:\Windows\system32\drivers
13:46:12.215    Service scanning
13:46:33.243    Modules scanning
13:46:33.243    Disk 0 trace - called modules:
13:46:33.290    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
13:46:33.290    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
13:46:33.290    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
13:46:34.148    AVAST engine scan C:\Users\User
13:51:10.581    Disk 0 statistics 3849947/0/0 @ 3.16 MB/s
13:51:10.581    Scan finished successfully
14:27:15.882    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:27:15.898    Disk 0 Vendor: WDC_WD1600BEKT-00PVMT0 01.01A01 Size: 152627MB BusType: 3
14:27:16.101    Disk 0 MBR read successfully
14:27:16.101    Disk 0 MBR scan
14:27:16.116    Disk 0 Windows 7 default MBR code
14:27:16.132    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:27:16.132    Disk 0 default boot code
14:27:16.147    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152524 MB offset 206848
14:27:16.147    Disk 0 scanning sectors +312576000
14:27:16.272    Disk 0 scanning C:\Windows\system32\drivers
14:27:23.495    Service scanning
14:27:44.274    Modules scanning
14:27:44.274    Disk 0 trace - called modules:
14:27:44.305    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
14:27:44.305    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b30338]
14:27:44.305    3 CLASSPNP.SYS[8c20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85a39030]
14:27:45.101    AVAST engine scan C:\Users
14:31:18.650    Disk 0 statistics 4541361/0/0 @ 2.82 MB/s
14:31:18.650    Scan finished successfully
01:06:37.746    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
01:06:37.746    The log file has been saved successfully to "C:\Users\User\Desktop\anotherRkt.txt"

 

Haven't cleaned the infected file, as any topics regarding csrsrv.dll Win32:Aluroot-B [Rtk]

Have a few JRT and AdwCleaner logs; if you'd like them, let me know.

Here's FRST in normal mode. I will be restarting in safe mode with networking; they are already making permissions changes in my computer in these few minutes, and the worm is not detectable in regular mode.

Here's this in GlassWire that pops up too:

The application publisher changed c:\windows\system32\svchost.exe to empty value...

it is no longer signed

6.1.7600.16385

BTW

What if the virus has attached to or modified files? Won't Cobian just store this (trojans/worms) and put them back if I need to restore my files?

I was not given a Win 7 disk, but have ordered a computer where it should have one.

FRST log in normal mode:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2016
Ran by User (administrator) on USER-PC (12-10-2016 00:27:21)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & standard user)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SecureMix LLC) C:\Users\User\Desktop\GlassWire\GWCtlSrv.exe
() C:\Windows\System32\GManager.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
() C:\Windows\System32\mlpatch.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SecureMix LLC) C:\Users\User\Desktop\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Magic Control Technology Corporation) C:\Program Files\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Magic Control Technology Corporation) C:\Program Files\Common Files\DesktopUtil\FDispPos.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Magic Control Technology Corporation) C:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxapps.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(SecureMix LLC) C:\Users\User\Desktop\GlassWire\GlassWire.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FDispPos] => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1850008 2016-06-24] (Bitdefender)
HKLM\...\Run: [MCTDUtil] => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2016-10-02] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-10-06] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-04-25]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE (No File)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{1AED7253-C9FE-4157-87BD-EE2B0C22DD06}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{8F63A442-460E-48CB-B09E-2656CA02289B}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{C8A4187E-AC82-4DDB-97DE-F06B80F10149}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-16] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-16] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p546gtjd.default-1475661595842 [2016-10-12]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p546gtjd.default-1475661595842\Extensions\uBlock0@raymondhill.net.xpi [2016-10-05]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff => not found
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2016-06-27]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-06-27] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2016-10-03]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2344209301-3139434391-2345241000-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://clients.mindbodyonline.com/classic/home?studioid=46312
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-10-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-02]
CHR HKLM\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [84848 2016-10-05] (Bitdefender)
R2 GlassWire; C:\Users\User\Desktop\GlassWire\GWCtlSrv.exe [4366288 2016-08-31] (SecureMix LLC)
R2 GManager; C:\Windows\system32\GManager.exe [226904 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCTDesktopSvr; C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MlPatch; C:\Windows\system32\MlPatch.exe [1648944 2014-08-22] ()
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [276488 2015-11-06] (Visicom Media Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [121112 2016-06-16] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1410496 2016-06-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 TAZZEF; C:\Users\User\AppData\Local\Temp\TAZZEF.exe [X]
S3 TMPXBQEMCDCBZ; C:\Users\User\AppData\Local\Temp\TMPXBQEMCDCBZ.exe [X]
S3 UOOBJ; C:\Users\User\AppData\Local\Temp\UOOBJ.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1258376 2016-10-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [696632 2016-10-02] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [105568 2016-06-15] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [83824 2015-12-04] (BitDefender)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [71096 2014-11-13] (O2Micro)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-28] (SecureMix LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [196000 2015-12-16] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-13] (REALiX™)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Intel Corporation) [File not signed]
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [245224 2016-06-16] (Bitdefender)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd.sys [142032 2016-02-03] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr.sys [17024 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\Windows\System32\DRIVERS\MctFlt.sys [19248 2015-03-10] (Windows ® Win 7 DDK provider)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
S3 t5usb; C:\Windows\System32\drivers\t5usb.sys [120072 2016-03-21] (Magic Control Technology Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [458656 2016-03-10] (BitDefender S.R.L.)
S4 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S4 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-11 23:45 - 2016-10-12 00:24 - 00000000 ____D C:\Users\User\Documents\User 2016-10-11 23;45;03 (Full)
2016-10-11 23:37 - 2016-10-11 23:37 - 00037506 _____ C:\ProgramData\dm.1476250579.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-02 01:23 - 2016-07-22 17:55 - 00000000 ____D C:\Program Files\CCleaner
2016-10-02 01:23 - 2016-07-22 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-02 01:23 - 2016-07-22 17:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-02 01:23 - 2016-07-14 06:48 - 00000000 ____D C:\Users\User\AppData\Roaming\DivX
2016-10-02 01:23 - 2016-06-14 15:32 - 00000000 ____D C:\Users\User\Desktop\Paystubs for Mathew Kenyon_files
2016-10-02 01:23 - 2016-06-14 10:14 - 00000000 ____D C:\Users\User\Desktop\BankSearch Results_files
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ___RD C:\Program Files\Skype
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-02 01:23 - 2016-06-05 20:37 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-02 01:23 - 2016-05-16 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-10-02 01:23 - 2016-05-16 12:41 - 00000000 ____D C:\Program Files\Defraggler
2016-10-02 01:23 - 2016-04-19 07:35 - 00000000 ____D C:\Windows\ERUNT
2016-10-02 01:23 - 2016-03-15 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-02 01:23 - 2016-03-15 11:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-02 01:23 - 2016-03-06 00:04 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-02 01:23 - 2016-03-06 00:02 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-02 01:23 - 2015-06-10 03:49 - 00000000 ____D C:\Users\User\Desktop\j5UsbDisplayAdapter-v15.01.0128.3179-win
2016-10-02 01:23 - 2015-06-10 03:49 - 00000000 ____D C:\Program Files\MCT Corp
2016-10-02 01:23 - 2015-06-02 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-10-02 01:23 - 2015-06-02 20:04 - 00000000 ____D C:\Program Files\Speccy
2016-10-02 01:23 - 2015-05-25 19:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-10-02 01:23 - 2015-05-25 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-10-02 01:23 - 2015-05-25 18:33 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-02 01:23 - 2015-05-20 14:48 - 00000000 ____D C:\Program Files\Common Files\DesktopUtil
2016-10-02 01:23 - 2015-05-02 07:50 - 00000000 ____D C:\Users\User\Downloads\Autoruns
2016-10-02 01:23 - 2015-04-25 19:32 - 00000000 ____D C:\Windows\ERDNT
2016-10-02 01:23 - 2015-04-21 05:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-02 01:23 - 2015-04-21 05:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-10-02 01:23 - 2015-03-03 17:34 - 00000000 ____D C:\ProgramData\CanonIJScan
2016-10-02 01:23 - 2015-03-03 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-10-02 01:23 - 2015-03-03 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
2016-10-02 01:23 - 2015-03-03 17:09 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2016-10-02 01:23 - 2015-02-28 17:04 - 00000000 ____D C:\Users\User\Downloads\font_in_a_red_suit
2016-10-02 01:23 - 2015-02-24 21:40 - 00000000 ____D C:\Users\User\Downloads\redsuitfont
2016-10-02 01:23 - 2015-02-13 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-02 01:23 - 2015-01-29 02:24 - 00000000 ____D C:\Users\User\AppData\Local\Intel
2016-10-02 01:23 - 2015-01-28 20:36 - 00000000 ____D C:\Program Files\Common Files\MCTWDDM
2016-10-02 01:23 - 2015-01-12 17:22 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2016-10-02 01:23 - 2015-01-12 17:22 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2016-10-02 01:23 - 2015-01-12 15:55 - 00000000 ____D C:\Users\User\Desktop\Data
2016-10-02 01:23 - 2014-12-27 23:13 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-10-02 01:23 - 2014-11-28 14:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-02 01:23 - 2014-11-19 07:04 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-10-02 01:23 - 2014-11-09 16:21 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2016-10-02 01:23 - 2014-06-18 18:28 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2016-10-02 01:23 - 2014-06-18 18:18 - 00000000 ____D C:\Program Files\AuthenTec
2016-10-02 01:23 - 2014-06-18 18:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-02 01:23 - 2014-03-28 02:50 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-02 01:23 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\MSBuild
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Globalization
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Branding
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Windows NT
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-10-02 01:23 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-02 01:22 - 2016-07-23 02:50 - 00000000 ____D C:\Users\Public\Documents\Ashampoo
2016-10-02 01:22 - 2015-02-13 17:18 - 00000000 ____D C:\Program Files\AbiWord
2016-10-02 01:22 - 2015-01-12 21:16 - 00000000 ____D C:\EEK
2016-10-02 01:22 - 2014-03-28 08:37 - 00000000 ____D C:\Fuzion
2016-10-02 01:18 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2016-10-02 00:56 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Web
2016-10-02 00:56 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Vss
2016-10-02 00:42 - 2009-07-13 22:34 - 00000000 ____D C:\Windows\ServiceProfiles
2016-10-02 00:36 - 2015-03-28 16:22 - 00000000 ____D C:\Users\User\AppData\LocalLow\Sun
2016-10-02 00:36 - 2015-03-03 17:09 - 00000000 ____D C:\Users\User\Documents\Fax
2016-10-02 00:36 - 2015-01-29 02:26 - 00000000 ____D C:\Users\User\Downloads\Intel Components
2016-10-02 00:36 - 2015-01-12 04:32 - 00000000 ____D C:\Users\User\Downloads\cce_2.5.242177.201_x32
2016-10-02 00:36 - 2014-11-20 17:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Canon
2016-10-02 00:36 - 2014-11-17 13:51 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenOffice
2016-10-02 00:36 - 2014-03-28 04:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-10-02 00:35 - 2016-07-14 06:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-02 00:35 - 2015-05-19 10:02 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-10-02 00:34 - 2016-04-20 21:20 - 00000000 ____D C:\Program Files\Secunia
2016-10-02 00:34 - 2016-04-18 16:17 - 00000000 ____D C:\Program Files\Sophos
2016-10-02 00:34 - 2015-01-12 21:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-02 00:34 - 2014-11-28 13:59 - 00000000 ____D C:\ProgramData\Adobe
2016-10-02 00:34 - 2014-11-20 15:45 - 00000000 ____D C:\ProgramData\CanonBJ
2016-10-02 00:33 - 2016-07-23 17:03 - 00000000 ____D C:\Program Files\ESET
2016-10-02 00:33 - 2015-06-10 03:51 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2016-10-02 00:32 - 2015-06-23 20:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-02 00:32 - 2015-03-03 17:30 - 00000000 ____D C:\Program Files\Canon
2016-10-02 00:32 - 2014-11-20 15:44 - 00000000 ____D C:\Program Files\CanonBJ
2016-10-02 00:31 - 2015-06-18 06:53 - 00000000 ____D C:\Program Files\Adobe
2016-10-02 00:31 - 2014-03-28 02:50 - 00000000 ____D C:\Dell
2016-10-01 21:06 - 2016-07-23 00:27 - 00000000 ____D C:\Program Files\Ashampoo
2016-10-01 20:08 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\inetsrv
2016-10-01 04:14 - 2015-05-02 08:01 - 00007617 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-09-28 21:40 - 2014-12-09 10:10 - 00000000 ____D C:\Users\User\AppData\Temp
2016-09-26 19:48 - 2016-04-12 11:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.09.3.1001.exe
2016-09-14 09:59 - 2015-11-15 17:22 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-14 05:40 - 2014-03-28 03:35 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 05:12 - 2014-03-28 03:35 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 02:02 - 2014-11-10 20:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-14 02:02 - 2014-11-10 20:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-10-03 02:00 - 2016-10-03 02:00 - 0000062 _____ () C:\Users\User\AppData\Roaming\settings.ini
2015-05-02 08:01 - 2016-10-01 04:14 - 0007617 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-10-11 23:37 - 2016-10-11 23:37 - 0037506 _____ () C:\ProgramData\dm.1476250579.bdinstall.bin

Files to move or delete:
====================
C:\Users\User\cbSetup.exe
C:\Users\User\AppData\Roaming\settings.ini


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 08:28

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2016
Ran by User (12-10-2016 00:29:18)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2014-03-28 08:46:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2344209301-3139434391-2345241000-500 - Administrator - Disabled)
Guest (S-1-5-21-2344209301-3139434391-2345241000-501 - Limited - Disabled)
standard user (S-1-5-21-2344209301-3139434391-2345241000-1003 - Limited - Enabled) => C:\Users\standard user
User (S-1-5-21-2344209301-3139434391-2345241000-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.18.898 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.29.1517 - Bitdefender)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.74 - SecureMix LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Trigger External Graphics Family 16.02.0315.0179 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.02.0315.0179 - MCT Corp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CA5EC5F-29FC-4101-9386-A156A5DCAADA} - System32\Tasks\SUPERAntiSpyware Scheduled Task fef3d805-d789-4929-8e08-8f835738f512 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {0E3FD3FE-550E-4991-A6E5-6BB0EC75409C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {3FAE4273-281D-47BF-BC00-ED403C378B72} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {4400AB99-CB47-4E77-BD5B-98D5A8F9420E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {49321D68-9BE6-470A-9021-5868EE79AB97} - System32\Tasks\SUPERAntiSpyware Scheduled Task a2611324-8fca-4a8f-bb67-2ab434ba8990 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {4A096D1C-F332-43A0-A57E-405125C9DACF} - System32\Tasks\{F843FC7B-0BCB-4254-A382-147CC4618ACC} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {571670D8-0C4A-4984-9970-C1A8B50EE0BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2344209301-3139434391-2345241000-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {600F9229-1365-411C-A24F-3038E04B9676} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2344209301-3139434391-2345241000-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {647EE417-8B4D-459D-8229-1B31F931AE68} - System32\Tasks\{9D03A05E-DB12-466E-9E23-9EBBC4FC4D26} => pcalua.exe -a C:\Users\User\AppData\Local\Apps\2.0\NJEK84DY.T4B\N5VBKN2E.CO7\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\Uninstaller.exe -c uninstall
Task: {954822F4-2B48-4C8F-A918-758CB6D96665} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {AD9CA8B1-BD0E-4580-9112-AAFB256E9EB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BE6A8899-EB89-4BD3-9687-70FB62FBAEC1} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {F2CAF671-A260-461A-B5EF-CFFB07B1D063} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344209301-3139434391-2345241000-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344209301-3139434391-2345241000-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a2611324-8fca-4a8f-bb67-2ab434ba8990.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fef3d805-d789-4929-8e08-8f835738f512.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-02 22:48 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-10-02 22:48 - 2016-05-30 17:16 - 00857744 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-10-02 22:48 - 2016-05-30 17:16 - 00466056 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-10-02 22:48 - 2016-05-30 17:16 - 02488496 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-10-02 22:48 - 2016-05-30 17:16 - 01301416 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-06-10 03:51 - 2012-08-28 14:20 - 00226904 _____ () C:\Windows\system32\GManager.exe
2015-06-10 03:51 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
2015-01-28 20:36 - 2014-08-22 18:10 - 01648944 _____ () C:\Windows\system32\MlPatch.exe
2014-06-18 18:16 - 2013-09-05 01:38 - 00455968 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\cbSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\adw.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\adwcleaner_6.020.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\aswMBRantiroot.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\cbSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\ccsetup515.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\ccsetup516.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\ccsetup520.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\dfsetup221.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\DivXInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\esetsmartinstaller_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\FixExecfilefixer.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\flashplayer17pp_ha_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\flashplayer21_ha_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\flashplayer21_xa_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\FREEAVpanda.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\FRST.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\FSS.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\iExplore.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\iexplorer.exe.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\mbar-1.09.3.1001.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\MiniToolBox.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\MyDefrag-v4.3.1.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\NetAdapterRepair1.2.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\ninja-setup-3.1.5.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\PSISetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\SecurityCheck.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\setup_wipe.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\Sophos Virus Removal Tool.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\supporttool_2015.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\USBVaccineSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Desktop\Windows-KB890830-V5.24.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\advanced-systemcare-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\bitdefender_antitheft.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\bitdefender_tsecurity2016.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ccsetup512pro.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ccsetup517pro.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ChromeSetup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\eppx-win-4_5_0-en.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ewpx-win-1_5_0-ea23.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Firefox Setup Stub 38.0.5.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Firefox Setup Stub 49.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer17ax_ra_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer18_ha_install (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer19ax_ha_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer19ax_ra_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer19pp_ha_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer19pp_ra_install (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer19pp_ra_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer20ax_ra_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer21ax_ra_install (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer21ax_ra_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer21_xa_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer_17_ax_debug.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer_17_plugin_debug (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer_17_plugin_debug.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\GoogleEarthProWin.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\GoogleEarthSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\GoogleVoiceAndVideoSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\infinst_autol.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Intel Driver Update Utility Installer (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Intel Driver Update Utility Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\jre-8u40-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.1.6.1022 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mp68-win-mg2100-1_01-ejs.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mpnx_5_0-win-5_0_2-ea23_2.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\pc_client.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\qm__-win-2_4_1-ea31_2.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\revosetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Silverlight.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SkypeSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\slmx-win-1_4_1-ea23_2.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SymHelp.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\USBVaccineSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vlc-2.1.5-win32.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\win7_1512754.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78011122.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78011122.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\...\1-se.com -> 1-se.com

There are 11402 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2016-10-11 23:34 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344209301-3139434391-2345241000-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Heimdal.lnk => C:\Windows\pss\Heimdal.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: FDispPos => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
MSCONFIG\startupreg: HeimdalAgentLoader => "C:\Program Files\Heimdal\Heimdal.AgentLoader.exe" /nogui
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\system32\StikyNot.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5BC4024-4CCD-4A3C-8190-E222ACD12F55}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{4AD5717A-CD9D-4138-9137-B7BF8D5598A6}C:\users\user\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\user\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{4FD1757A-75FE-4F37-9EDC-0594E798A1A8}C:\users\user\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\user\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{28E8BAF8-4213-4595-BEB6-30C661CD34A5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F879036B-1051-4991-98BB-3F0D761E5E91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2E9C398F-071C-4DA3-9413-B2B335C7B25E}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{B1310234-34A6-478F-A86D-B5591ABA090D}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{13F76F40-6123-4BA2-8272-C95756949660}] => (Allow) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
FirewallRules: [{5588EFC6-65BD-4027-BCDC-1DEA51037326}] => (Allow) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
FirewallRules: [{E7BE4F10-2FC0-4DE0-B0AC-6FB394EE121F}] => (Allow) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
FirewallRules: [{EE960119-F7B9-45B4-8EE4-0E740A63C987}] => (Allow) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
FirewallRules: [{576D82D4-492F-4ABB-B925-1A4BA142F246}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5D509DB4-2946-4ACD-A352-4FEC4370051B}] => (Allow) C:\Users\User\Desktop\GlassWire\GWCtlSrv.exe
FirewallRules: [{E88484A1-B98B-4797-A977-FD9C3EBB0ED9}] => (Allow) C:\Users\User\Desktop\GlassWire\GWCtlSrv.exe
FirewallRules: [{C93D2A14-522A-40F7-87AC-1649E754F8E8}] => (Block) c:\program files\heimdal\service\heimdalagentservice.exe
FirewallRules: [{EF515705-FA0C-4C99-BD8B-B1F25E1A1A6A}] => (Block) c:\program files\heimdal\service\heimdalagentservice.exe
FirewallRules: [{E2B0D6E6-A027-4270-A754-C09D5631583F}] => (Block) c:\programdata\heimdal security\patching\downloads\heimdal.setuplauncher.exe
FirewallRules: [{B459B1E2-A5F2-4505-A27D-3034CD63F98A}] => (Block) c:\programdata\heimdal security\patching\downloads\heimdal.setuplauncher.exe
FirewallRules: [{F410ED09-0976-4801-B1C7-DFDF2E5C9F66}] => (Block) c:\programdata\heimdal security\heimdal agent\heimdal.wizard.exe
FirewallRules: [{1D3AD133-8212-4A05-A2BB-E7F973C2A064}] => (Block) c:\programdata\heimdal security\heimdal agent\heimdal.wizard.exe
FirewallRules: [{56F165E6-5AE2-4978-929A-E86AD9B07CBD}] => (Block) c:\program files\heimdal\heimdal.clienthost.exe
FirewallRules: [{D077AEB9-AFFA-410E-BC8B-2FC63FB72319}] => (Block) c:\program files\heimdal\heimdal.clienthost.exe
FirewallRules: [{12EF53FE-66FD-4D6B-9E54-704A5D8F81BD}] => (Block) c:\program files\secunia\psi\psia.exe
FirewallRules: [{92F0840E-8130-40E9-907E-EDB5CD1D5709}] => (Block) c:\program files\secunia\psi\psia.exe
FirewallRules: [{72F609D5-ADE5-40D5-BEE3-AB76D5BE8EF1}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{6F256EF9-ED09-439B-A763-EED234D09FF5}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{04579331-D6A8-4CEC-9AFD-9403B598019B}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{5874E51F-656F-4ABE-AB73-762A3873EAEC}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe

==================== Restore Points =========================

02-10-2016 11:15:11 Windows Update
02-10-2016 12:18:33 JRT Pre-Junkware Removal
02-10-2016 22:29:01 Removed Google Talk Plugin
02-10-2016 23:02:26 JRT Pre-Junkware Removal
02-10-2016 23:10:36 JRT Pre-Junkware Removal
03-10-2016 04:54:28 new
04-10-2016 03:44:12 Checkpoint by HitmanPro
04-10-2016 03:49:11 Checkpoint by HitmanPro
04-10-2016 04:09:17 Checkpoint by HitmanPro
04-10-2016 04:09:53 Checkpoint by HitmanPro
04-10-2016 04:11:44 Checkpoint by HitmanPro
04-10-2016 04:12:00 Checkpoint by HitmanPro
04-10-2016 04:13:17 Checkpoint by HitmanPro
04-10-2016 04:17:40 Checkpoint by HitmanPro
04-10-2016 04:19:56 Checkpoint by HitmanPro
04-10-2016 04:25:13 Checkpoint by HitmanPro
04-10-2016 04:26:30 Checkpoint by HitmanPro
04-10-2016 04:27:24 Checkpoint by HitmanPro
04-10-2016 04:27:50 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2016 10:31:36 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/11/2016 10:31:32 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/11/2016 10:31:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:28 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (10/11/2016 10:31:28 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/11/2016 10:31:28 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (10/11/2016 10:33:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:31:21 PM on 10/11/2016 was unexpected.

Error: (10/11/2016 10:31:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/11/2016 10:31:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/11/2016 10:28:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (10/11/2016 10:28:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (10/11/2016 10:22:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/11/2016 10:22:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/11/2016 10:22:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/11/2016 10:22:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/11/2016 10:10:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 3573.97 MB
Available physical RAM: 1320.77 MB
Total Virtual: 6717.29 MB
Available Virtual: 4312.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:107.09 GB) NTFS
Drive z: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: B6A5C162)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by raymj49, 12 October 2016 - 01:41 AM.


#6 polskamachina

  • Malware Response Team
  • 3,995 posts
  • Gender:Male

Posted 12 October 2016 - 05:10 PM

Hi raymj49 :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#7 polskamachina

Posted 14 October 2016 - 10:37 PM

Hi raymj49 :)

 

I'm still working on your fix. Thanks for being patient while I research your issues. :busy:

 

polskamachina



#8 polskamachina

Posted 15 October 2016 - 05:42 PM

Hi raymj49 :)
 
I have a question for you before we begin with the fixing. Are you familiar with the file listed below that is located on your desktop?
 
(bartblaze) C:\Users\User\Desktop\wordwrm.exe,
 
If so, do you know what its purpose is?
 
Next:
 
Let's begin with the fixing:
  • Please copy and paste the following text in its entirety into Notepad:
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bitPCloudBroom.exe \systemroot\system32\BroomData.bit
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2344209301-3139434391-2345241000-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2344209301-3139434391-2345241000-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll => No File
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE (No File)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
S3 TAZZEF; C:\Users\User\AppData\Local\Temp\TAZZEF.exe [X]
S3 TMPXBQEMCDCBZ; C:\Users\User\AppData\Local\Temp\TMPXBQEMCDCBZ.exe [X]
S3 UOOBJ; C:\Users\User\AppData\Local\Temp\UOOBJ.exe [X]
S4 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S4 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U3 aswMBR; \??\C:\Users\User\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\User\AppData\Local\Temp\aswVmm.sys [X]
C:\Users\User\AppData\LocalLow\wbk9D8A.tmp
C:\Windows\system32\PNWCAIQZRVB
Folder: C:\Fuzion
  • Save the file to your Desktop as fixlist.txt
  • Note the fix will not work unless FRST.exe and fixlist.txt are in the same location (your Desktop)
  • Run FRST again
  • When the window opens, click on the Fix button
  • The fix should only take a few moments
  • If the computer needs to restart, let it restart
  • When the fix has completed, a file will be created, Fixlog.txt, a copy of which will be saved to your Desktop
  • Copy and paste Fixlog into your next reply to me
Next:
 
I would like to evaluate the file, C:\Windows\system32\csrsrv.dll, flagged by aswMBR.
  • Run FRST again
  • In the search box type, csrsrv.dll
  • Click on Search Files
  • When the search has completed, a log will appear on your desktop named, Search.txt
  • Copy and paste the Search log into your next reply to me
In summary I will need from you:
  • What you know about the file, wordwrm.exe
  • Fixlog
  • Search log
  • How is your computer performing now?
Let me know if you have any questions.
 
polskamachina

Edited by Oh My!, 16 October 2016 - 06:46 PM.
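While the Search log is pending, a practitioner would also triage the flagged file directly. The script below is an added example, not part of the original thread and not FRST or aswMBR output; it assumes an elevated PowerShell 4.0 or later prompt (Get-FileHash needs 4.0). The only input taken from the post is the path C:\Windows\system32\csrsrv.dll; the WinSxS comparison and every variable name are the example's own.

```powershell
# Added example: triage a System32 DLL flagged by a rootkit scanner before
# deciding on a fix. Path taken from the thread; everything else is assumed.
$Path = 'C:\Windows\system32\csrsrv.dll'
$item = Get-Item -LiteralPath $Path -ErrorAction Stop

# 1. Version resource and timestamp. A Windows component whose CompanyName or
#    OriginalFilename disagrees with its neighbours in System32 is suspect.
$vi = $item.VersionInfo
[pscustomobject]@{
    File             = $item.FullName
    Size             = $item.Length
    LastWrite        = $item.LastWriteTime
    FileVersion      = $vi.FileVersion
    CompanyName      = $vi.CompanyName
    OriginalFilename = $vi.OriginalFilename
} | Format-List

# 2. Authenticode signature. Microsoft catalog-signs most System32 binaries;
#    HashMismatch here means the bytes no longer match any signature.
$sig = Get-AuthenticodeSignature -FilePath $item.FullName
"Signature status : $($sig.Status)"
"Signer           : $($sig.SignerCertificate.Subject)"

# 3. SHA-256, to compare with a known-clean machine or an online lookup.
$sha256 = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
"SHA256           : $sha256"

# 4. Compare against the servicing copies in the component store. Windows
#    Update keeps every version it installed under WinSxS, so a System32 copy
#    that matches none of them did not arrive through servicing.
$sxs = Get-ChildItem -Path "$env:windir\WinSxS" -Recurse -Filter $item.Name `
        -ErrorAction SilentlyContinue
$sxsMatches = foreach ($f in $sxs) {
    if ((Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash -eq $sha256) {
        $f.FullName
    }
}
if ($sxsMatches) {
    "System32 copy matches these component-store copies:"
    $sxsMatches
} else {
    "WARNING: no WinSxS copy of $($item.Name) has the same hash as the System32 copy"
}

# 5. Alternate data streams on the file itself (FRST lists these as
#    AlternateDataStreams); anything beyond :$DATA deserves a look.
Get-Item -LiteralPath $item.FullName -Stream * | Select-Object Stream, Length
```

Two caveats apply. On Windows 7 the built-in PowerShell does not consult the Windows signing catalogs, so a genuine catalog-signed DLL reports NotSigned there; use `sfc /verifyfile=C:\Windows\system32\csrsrv.dll` or Sysinternals `sigcheck -a` on that platform. And a kernel-mode rootkit, which is what the [Rtk] suffix on the aswMBR detection denotes, can serve a clean copy of the file to every user-mode reader, so a hash that looks fine from inside the running system is not conclusive; the decisive comparison is made offline, by booting WinRE or a clean OS and hashing the file from there.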


#9 polskamachina

Posted 18 October 2016 - 11:05 PM

Hi raymj49 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.

 

polskamachina



#10 raymj49

  • Topic Starter

Posted 21 October 2016 - 01:27 AM

No, I have no idea. I now have a new computer and I think the infection followed me: lots of users, anonymous and otherwise, that I did not create... Want an FSS log and a FRST log? I can run some rootkit programs if you want. Sorry for the delay, I thought my new computer was good.

#11 polskamachina

Posted 21 October 2016 - 03:59 PM

Hi raymj49 :)
 
If you would like to continue fixing your original computer, then see this post and follow the directions there.
 
If you would like to check the status of your new computer, I would suggest posting a new topic in this Forum.
 
polskamachina

Edited by Oh My!, 31 October 2016 - 02:57 PM.


#12 polskamachina

Posted 24 October 2016 - 04:21 PM

Hi raymj49 :)
 
It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#13 raymj49

  • Topic Starter

Posted 26 October 2016 - 12:00 AM

Sorry, I spent some time in the hospital for kidney failure and a concussion. I guess I will post in the new section; there is only the blue screen of death on the old one. Should I be concerned? Can that same infection have corrupted a new computer through knowing my networking information, or is it not something that's possible? Thanks, I will make a new post either way; I was just curious if you knew.



#14 polskamachina

Posted 26 October 2016 - 04:09 PM

Hi raymj49 :)
 
Sorry to hear about your health issues. I hope you make a speedy recovery.
 
In my opinion, it's not likely that your old computer could infect your new computer unless you did more than a little file copying from one to the other. Also, a blue screen of death is not necessarily caused by malware. It can be caused by hardware or system corruption issues and there are ways to troubleshoot that. If you're interested in pursuing that option, please let me know.
 
polskamachina



#15 raymj49

  • Topic Starter

Posted 30 October 2016 - 07:01 PM

Thank you. So here's the thing: Boopme asked me to continue in this topic. Can we start over from the beginning (step 6) of the removal guide? The new computer seems... okay, but there are somehow still new users being created and I can't seem to figure out why.





