
loadstart.net browser was redirecting and now every program takes time to load



#1 super goku


Posted 06 October 2016 - 05:30 PM

 
When I first start any web browser, I am usually redirected to a page called loadstart.net, and sometimes I get redirected to random web sites that inform me of a security breach on my computer. However, currently, it has stopped redirecting me, but now every time I run an application it takes a really long time to load (as if something is being loaded in the background).
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by SMART Team (administrator) on SMARTTEAM-PC (06-10-2016 18:20:40)
Running from C:\Users\SMART Team\Desktop
Loaded Profiles: SMART Team (Available Profiles: SMART Team & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
(Google Inc.) C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Run: [Google Update] => C:\Users\SMART Team\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-23] (Google Inc.)
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\SMART Team\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a07baa908f7e47d3b061d16f6bd4d383-e01e8d8218abddd8caaaed76a45b785a09ed6828 --CMPID 0913b
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-12-18]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-12-18]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Canada ULC.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 activation.acronis.com 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9DB365FB-A6DB-4A98-BBDC-4DB6BD131DEA}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_x1400&r=173612115307p0438v145w45m1v201
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1026851276-3128757221-3139530111-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA463CA463
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-05] (Google Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-05] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-05] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-1026851276-3128757221-3139530111-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-05] (Google Inc.)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-12-23] (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [No File]
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1026851276-3128757221-3139530111-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SMART Team\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1026851276-3128757221-3139530111-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SMART Team\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Plugin: (Native Client) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\SMART Team\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default [2016-10-06]
CHR Extension: (YouTube) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-03]
CHR Extension: (Google Search) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-02]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-02-06] (Macrovision Europe Ltd.) [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-12-23] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-06 18:20 - 2016-10-06 18:20 - 00019732 _____ C:\Users\SMART Team\Desktop\FRST.txt
2016-10-06 18:11 - 2016-10-06 18:18 - 00000000 ____D C:\FRST
2016-10-06 18:09 - 2016-10-06 18:09 - 02405376 _____ (Farbar) C:\Users\SMART Team\Desktop\FRST64.exe
2016-10-05 22:13 - 2016-10-05 22:13 - 00000000 ____D C:\Users\SMART Team\AppData\Local\ESET
2016-10-05 21:39 - 2016-10-05 21:39 - 00003347 _____ C:\Users\SMART Team\Desktop\JRT.txt
2016-10-05 21:18 - 2016-10-05 21:23 - 00000000 ____D C:\AdwCleaner
2016-10-05 21:18 - 2016-10-05 21:18 - 01631928 _____ (Malwarebytes) C:\Users\SMART Team\Desktop\JRT.exe
2016-10-05 21:17 - 2016-10-05 21:17 - 03861056 _____ C:\Users\SMART Team\Downloads\AdwCleaner.exe
2016-10-05 20:36 - 2016-10-06 18:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-05 20:36 - 2016-10-05 20:36 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-05 20:36 - 2016-10-05 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-05 20:36 - 2016-10-05 20:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-05 20:36 - 2016-10-05 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-05 20:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-05 20:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-05 20:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-05 20:34 - 2016-10-06 18:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-05 20:34 - 2016-10-05 22:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-05 20:34 - 2016-10-05 20:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-05 20:34 - 2016-10-05 20:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-05 20:34 - 2016-10-05 20:34 - 22851472 _____ (Malwarebytes ) C:\Users\SMART Team\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-05 20:34 - 2016-10-05 20:34 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-05 20:34 - 2016-10-05 20:34 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-05 20:34 - 2016-10-05 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-05 20:34 - 2016-10-05 20:34 - 00000000 ____D C:\Program Files\CCleaner
2016-10-03 00:00 - 2016-10-06 18:18 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-10-02 21:34 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-02 21:34 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-02 21:34 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-02 21:34 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-02 21:34 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-02 21:34 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-02 21:34 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-02 21:34 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-02 21:34 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-02 21:34 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-02 21:34 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-02 21:34 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-02 21:34 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-02 21:34 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-02 21:34 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-02 21:34 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-02 21:34 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-02 21:34 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-02 21:34 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-02 21:34 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-02 21:34 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-02 21:34 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-02 21:34 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-02 21:34 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-02 21:34 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-02 21:34 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-02 21:34 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-02 21:34 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-02 21:34 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-02 21:34 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-02 21:34 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-02 21:34 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-02 21:34 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-02 21:34 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-02 21:34 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-02 21:34 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-02 21:34 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-02 21:34 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-02 21:34 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-02 21:34 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-02 21:34 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-02 21:34 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-02 21:34 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-02 21:34 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-02 21:34 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-02 21:34 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-02 21:34 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-02 21:34 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-02 21:34 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-02 21:34 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-02 21:34 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-02 21:34 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-02 21:34 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-02 21:34 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-02 21:34 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-02 21:34 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-02 21:34 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-02 21:34 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-02 21:34 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-02 21:34 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-02 21:34 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-02 21:34 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-02 21:34 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-02 21:34 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-02 21:34 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-02 21:34 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-02 21:34 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-02 21:34 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-02 21:34 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-02 21:34 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-02 21:34 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-02 21:34 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-02 21:34 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-02 21:34 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-02 21:34 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-02 21:34 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-02 21:34 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-02 21:34 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-02 21:34 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-02 21:34 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-02 21:34 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-02 21:34 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-02 21:34 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-02 21:34 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-02 21:34 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-02 21:34 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-02 21:34 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-02 21:34 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-02 21:34 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-02 21:34 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-02 21:34 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-02 21:34 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-02 21:34 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-02 21:34 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-02 21:34 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-02 21:34 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-02 21:34 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-02 21:34 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-02 21:34 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-02 21:34 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-02 21:34 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-02 21:34 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-02 21:34 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-02 21:34 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-10-02 21:34 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-02 21:34 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-02 21:34 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-02 21:34 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-02 21:34 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-02 21:34 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-02 21:34 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-10-02 21:34 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-02 21:34 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-02 21:34 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-02 21:34 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-02 21:34 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-02 21:34 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-10-02 21:34 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-10-02 21:34 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-10-02 21:34 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-10-02 21:34 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-02 21:34 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-02 21:34 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-10-02 21:34 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-10-02 21:33 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-02 21:33 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-02 21:33 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-02 21:33 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-02 21:33 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-02 21:33 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-02 21:33 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-02 21:33 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-02 21:33 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-02 21:33 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-02 21:33 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-02 21:33 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-02 21:33 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-02 21:33 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-02 21:33 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-02 21:33 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-02 21:33 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-02 21:33 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-02 21:33 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-02 21:33 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-02 21:33 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-02 21:33 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-02 21:33 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-10-02 21:33 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-02 21:33 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-02 21:33 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-02 21:33 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-10-02 21:33 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-10-02 21:33 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-10-02 21:33 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-02 21:33 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-02 21:33 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-02 21:33 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-02 21:33 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-02 21:33 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-02 21:33 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-02 21:33 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-10-02 21:33 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-10-02 21:33 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-10-02 21:33 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-10-02 21:33 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-02 21:33 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-10-02 12:57 - 2016-10-02 13:04 - 00000000 ____D C:\Users\SMART Team\AppData\Roaming\Acronis
2016-10-02 12:54 - 2016-10-02 12:54 - 00000000 ____D C:\Program Files (x86)\Acronis
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-06 18:20 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-06 18:20 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-06 18:10 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-06 18:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-06 18:05 - 2013-03-30 13:58 - 00000000 ____D C:\ProgramData\MFAData
2016-10-06 18:04 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-06 18:04 - 2007-10-10 15:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-05 23:02 - 2012-04-01 14:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-05 22:38 - 2011-12-25 04:27 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026851276-3128757221-3139530111-1000UA.job
2016-10-05 21:37 - 2011-12-25 04:27 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026851276-3128757221-3139530111-1000Core.job
2016-10-05 21:21 - 2011-12-25 04:27 - 00000000 ____D C:\Users\SMART Team\AppData\Local\ElevatedDiagnostics
2016-10-05 21:14 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-10-05 20:35 - 2011-12-25 05:01 - 00000000 ____D C:\Users\SMART Team\Tracing
2016-10-05 20:35 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2016-10-05 20:34 - 2010-04-21 15:52 - 00000000 ____D C:\ProgramData\Google
2016-10-05 20:34 - 2010-04-21 15:52 - 00000000 ____D C:\Program Files\Google
2016-10-05 20:34 - 2010-04-21 15:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-03 19:39 - 2011-12-25 04:29 - 00002409 _____ C:\Users\SMART Team\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 19:39 - 2011-12-25 04:29 - 00002401 _____ C:\Users\SMART Team\Desktop\Google Chrome.lnk
2016-10-03 14:02 - 2012-04-25 17:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-03 14:02 - 2012-04-01 14:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-03 14:02 - 2012-04-01 14:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-03 14:02 - 2012-04-01 14:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-03 14:02 - 2010-04-21 16:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-03 04:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-03 03:32 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-03 03:32 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-03 03:32 - 2009-07-14 00:45 - 00435432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-03 03:09 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-03 03:07 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-10-03 03:01 - 2012-01-08 21:22 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-03 00:07 - 2016-01-24 05:48 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-10-03 00:07 - 2016-01-24 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-03 00:04 - 2016-05-23 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-02 13:58 - 2011-12-25 04:25 - 00000000 ____D C:\Users\SMART Team\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2014-04-24 16:11 - 2014-04-24 16:21 - 0000000 _____ () C:\Users\SMART Team\AppData\Roaming\bibstats
2014-04-16 15:28 - 2015-01-19 18:50 - 0003173 _____ () C:\Users\SMART Team\AppData\Roaming\QBFileDrTool.log
 
Some files in TEMP:
====================
C:\Users\SMART Team\AppData\Local\Temp\libeay32.dll
C:\Users\SMART Team\AppData\Local\Temp\msvcr120.dll
C:\Users\SMART Team\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-05 00:03
 
==================== End of FRST.txt ============================

When I first start any web browser, I am usually redirected to a page called loadstart.net, and sometimes I get redirected to random web sites that inform me of a security breach on my computer.

#2 nasdaq

  • Malware Response Team
Posted 07 October 2016 - 09:50 AM


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
FF HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [No File]
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
CHR Plugin: (Native Client) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Users\SMART Team\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx <not found>
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

p.s.
I did not find any references to loadstart.net as I did on the other computer.

After a restart of this computer let me know if the problem persists in IE and in any other browsers you use.

#3 super goku

  • Topic Starter

Posted 07 October 2016 - 03:53 PM

The problem is still there even though IE is faster now.

 

To give you more context, I first installed a specific software on the first computer and got the loadstart.net. On the second computer, I got the loadstart.net and then once I removed the software it went away but the computer has been slow ever since.

 

Is there a way or a log I can post that would help you determine if I am infected with anything else?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by SMART Team (07-10-2016 16:42:30) Run:1
Running from C:\Users\SMART Team\Desktop
Loaded Profiles: SMART Team (Available Profiles: SMART Team & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
FF HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [No File]
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
CHR Plugin: (Native Client) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Users\SMART Team\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\SMART Team\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx <not found>
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb2" => key removed successfully
HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749} => key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb5" => key removed successfully
HKCR\CLSID\{867FCB77-9823-4cd6-8210-D85F968D466F} => key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb6" => key removed successfully
HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => key not found. 
HKU\S-1-5-21-1026851276-3128757221-3139530111-1000\Software\Mozilla\Firefox\Extensions\\dict@www.youdao.com => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1" => key removed successfully
C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\pdf.dll => not found.
C:\Users\SMART Team\AppData\Local\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => not found.
C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
C:\Users\SMART Team\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aohddidmgooofkgohkbkaohadkolgejj" => key removed successfully
McMPFSvc => service removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
pbfilter => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12565694 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 35467 B
Edge => 0 B
Chrome => 41586438 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128671 B
systemprofile32 => 72410 B
LocalService => 132244 B
NetworkService => 66228 B
SMART Team => 9183273 B
UpdatusUser => 66228 B
 
RecycleBin => 0 B
EmptyTemp: => 60.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:43:12 ====


#4 super goku

  • Topic Starter

Posted 07 October 2016 - 04:32 PM

Actually, I take it back. Once I restarted the computer... the problem seems to be gone.

Are you able to confirm my computer is free from infections?



#5 nasdaq

  • Malware Response Team

Posted 08 October 2016 - 08:23 AM

No malware was found. All I did was a cleanup.


To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
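
The Fixlog posted in #3 pairs each fixlist entry with a `=> outcome` line. As an added example (not part of the thread and not FRST's own code), this Python script tallies those outcomes and lists the fixlist entries whose target was not marked as missing. Treating `No File`, `[X]` and `not found` as missing-file markers is an assumption read from the log's wording, and the sample is a constructed excerpt of that log.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines of the log posted in #3.
SAMPLE = r'''fixlist content:
start
CreateRestorePoint:
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [X]
End
Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
C:\Users\SMART Team\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
pbfilter => service removed successfully
=========== EmptyTemp: ==========
Chrome => 41586438 B
'''

# Assumption: these trailing markers mean the referenced file was already missing.
ORPHAN = re.compile(r'(No File\]?|\[X\]|<?not found>?)\s*$', re.I)

def parse_fixlog(text):
    """Return (fixlist entries, Counter of outcome strings) from a Fixlog."""
    entries, outcomes, section = [], Counter(), None
    for line in (l.strip() for l in text.splitlines()):
        if line.lower() == 'start':
            section = 'fixlist'
        elif line == 'End' and section == 'fixlist':
            section = 'results'
        elif line.startswith('=') and section == 'results':
            break  # EmptyTemp byte counts also use "=>" but are not fix outcomes
        elif section == 'fixlist' and line and not line.endswith(':'):
            entries.append(line)  # directives such as "EmptyTemp:" are skipped
        elif section == 'results' and ' => ' in line:
            outcomes[line.rsplit(' => ', 1)[1].rstrip('. ')] += 1
    return entries, outcomes

def live_entries(entries):
    """Fixlist entries whose target was not flagged as missing."""
    return [e for e in entries if not ORPHAN.search(e)]

if __name__ == '__main__':
    entries, outcomes = parse_fixlog(SAMPLE)
    for outcome, n in outcomes.most_common():
        print(f'{n:3d}  {outcome}')
    print('entries with a live target:', live_entries(entries))
```

To check a real log, read Fixlog.txt into a string and pass it to `parse_fixlog` in place of `SAMPLE`.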

#6 super goku

  • Topic Starter

Posted 08 October 2016 - 10:12 AM

Awesome! Thank you so much, Nasdaq.

Was the loadstart.net a malware? Do you know how it got installed on my computer?



#7 nasdaq

  • Malware Response Team

Posted 08 October 2016 - 12:17 PM

It's known as a browser hijacker.

Unable to know how it got in. Possibly by installing 3rd party software. It gets in without your consent.

#8 super goku

  • Topic Starter

Posted 09 October 2016 - 11:35 PM

I installed the same program in both computers, is it possible that only one of the computers got infected?

#9 nasdaq

  • Malware Response Team

Posted 10 October 2016 - 10:46 AM

It may have been compromised.

Start a new topic for this second computer.

Run the Farbar tool on it and post the FRST and Addition.txt logs.

When posted give me the URL in your next reply here.
I will expedite the matter.



