Malwarebytes Reports "Trojan.0Access" Folders Found


  • This topic is locked
9 replies to this topic

#1 mindstorms81


Posted 16 October 2016 - 04:18 AM

Hello,

After a scan by Malwarebytes, some folders have been detected as "Trojan.0Access". I have also attached the Malwarebytes Root Kit scanner report. I did not choose to clean any infections yet in these folders.

It appears there are no files in this folder; however, it looks like this folder may be active when looking at "Previous Versions" as shown below:

[Attached file: Screenshot.jpg]

I have not noticed any other weird behaviour with my computer.

Thanks in advance for your time in helping out.

Kind Regards,

Ben.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Ben (administrator) on DSL-2730B (16-10-2016 18:01:17)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-03] (Intel® Corporation)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-04-08] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5107232 2010-03-27] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [UsbCipHelper] => C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [443176 2014-01-10] (Rockwell Automation, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-11] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {14c30cdf-887f-11e6-b5e1-cc52af86b6f8} - E:\startme.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {1556e0e4-9274-11e5-a010-ce117944917e} - E:\startme.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {27a30da5-e3bf-11e2-8008-2c27d7a9969c} - D:\Setup.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {3d66753b-1abe-11e3-97e7-95ec32960685} - F:\Setup.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {6c81a01e-41ea-11e4-a451-e7fbd1ed7687} - F:\Setup.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-11] (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Privatefirewall 7.0.lnk [2013-12-30]
ShortcutTarget: Privatefirewall 7.0.lnk -> C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{4BC1D4A2-6E54-46FE-8E8E-6EB5D3087B0A}: [DhcpNameServer] 192.168.200.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> {A1FBEAF6-6AD4-4BC1-AE2D-D79FEAB52348} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2010-12-08] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2010-12-08] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553542500} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Pencil\Profiles\bbcwlcgz.default [2015-09-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-21] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2008-04-05] (Viewpoint Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2016-09-08]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-10]
CHR Extension: (NetBeans Connector) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2016-03-11]
CHR Extension: (Codebender App) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\magknjdfniglanojbpadmpjlglepnlko [2016-08-18]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-08-05]
CHR Extension: (Website Logon) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein [2014-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nhfpefkeidlhbjljfdojcnngjbddgein] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2010-11-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-18] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-11] (Dropbox, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-06-18] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 RSLinx; C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE [3306528 2014-10-30] (Rockwell Automation, Inc.)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-11-23] (SolidWorks) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 Talk2MVpnService; C:\Program Files (x86)\eCatcher-Talk2M\Talk2mVpnService\bin\Talk2MVpnService.exe [352768 2015-06-09] (eWON s.a.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Viewpoint Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [30152 2008-04-05] (Viewpoint Corporation)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [6689 2005-07-08] (Dallas Semiconductor MAXIM) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 qcusbnet; C:\Windows\System32\DRIVERS\simusbnet.sys [152576 2011-05-11] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\simusbser.sys [121856 2011-05-11] (QUALCOMM Incorporated)
S3 RAUSBCIP; C:\Windows\System32\drivers\rausbcipwdf.sys [87552 2013-10-10] (Rockwell Automation, Inc.)
S3 RSSERIAL; C:\Windows\SysWOW64\RSSERIAL.SYS [155440 2014-09-19] (Rockwell Software Inc.) [File not signed]
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2016-03-10] (Macrovision Europe Ltd) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2016-04-23] (SlimWare Utilities, Inc.)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-01-08] (Acronis)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-11] (USBPcap)
R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2013-10-10] (Rockwell Automation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-16 18:01 - 2016-10-16 18:02 - 00038843 _____ C:\Users\Ben\Desktop\FRST.txt
2016-10-16 18:00 - 2016-10-16 18:01 - 00000000 ____D C:\FRST
2016-10-16 18:00 - 2016-10-16 18:00 - 02406912 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-10-16 17:38 - 2016-10-16 17:38 - 00002064 _____ C:\Users\Ben\Desktop\dfk.txt
2016-10-16 16:05 - 2016-10-16 16:06 - 00000000 ____D C:\Users\Ben\Desktop\delphi
2016-10-13 10:01 - 2016-10-13 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-13 09:41 - 2016-07-23 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-13 09:41 - 2016-07-23 01:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-13 09:24 - 2016-10-13 09:24 - 00442624 _____ C:\Windows\Minidump\101316-185360-01.dmp
2016-10-12 21:19 - 2016-10-12 21:19 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2016-10-12 21:19 - 2016-10-12 21:19 - 00000955 _____ C:\Users\Public\Desktop\Arduino.lnk
2016-10-12 20:02 - 2016-10-12 20:02 - 00002160 _____ C:\Users\Ben\AppData\Local\recently-used.xbel
2016-10-12 11:34 - 2016-10-01 07:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 11:34 - 2016-10-01 06:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 11:34 - 2016-10-01 02:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 11:34 - 2016-10-01 02:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 11:34 - 2016-10-01 02:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 11:34 - 2016-09-30 18:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 11:34 - 2016-09-30 17:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 11:34 - 2016-09-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 11:34 - 2016-09-30 17:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 11:34 - 2016-09-30 17:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 11:34 - 2016-09-30 17:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 11:34 - 2016-09-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 11:34 - 2016-09-30 17:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 11:34 - 2016-09-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 11:34 - 2016-09-30 17:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 11:34 - 2016-09-30 17:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 11:34 - 2016-09-30 17:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 11:34 - 2016-09-30 17:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 11:34 - 2016-09-30 17:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 11:34 - 2016-09-30 17:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 11:34 - 2016-09-30 17:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 11:34 - 2016-09-30 17:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 11:34 - 2016-09-30 17:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 11:34 - 2016-09-30 17:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 11:34 - 2016-09-30 16:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 11:34 - 2016-09-30 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 11:34 - 2016-09-30 16:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 11:34 - 2016-09-30 16:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 11:34 - 2016-09-30 16:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 11:34 - 2016-09-30 16:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 11:34 - 2016-09-30 16:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 11:34 - 2016-09-30 16:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 11:34 - 2016-09-30 16:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 11:34 - 2016-09-30 16:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 11:34 - 2016-09-30 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 11:34 - 2016-09-30 16:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 11:34 - 2016-09-30 16:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 11:34 - 2016-09-30 16:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 11:34 - 2016-09-30 16:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 11:34 - 2016-09-30 16:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 11:34 - 2016-09-30 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 11:34 - 2016-09-30 16:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 11:34 - 2016-09-30 16:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 11:34 - 2016-09-30 16:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 11:34 - 2016-09-30 16:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 11:34 - 2016-09-30 16:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 11:34 - 2016-09-30 16:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 11:34 - 2016-09-30 16:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 11:34 - 2016-09-30 16:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 11:34 - 2016-09-30 16:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 11:34 - 2016-09-30 16:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 11:34 - 2016-09-30 16:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 11:34 - 2016-09-30 16:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 11:34 - 2016-09-30 16:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 11:34 - 2016-09-30 16:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 11:34 - 2016-09-30 16:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 11:34 - 2016-09-30 16:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 11:34 - 2016-09-30 16:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 11:34 - 2016-09-30 16:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 11:34 - 2016-09-30 16:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 11:34 - 2016-09-30 16:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 11:34 - 2016-09-30 16:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 11:34 - 2016-09-30 16:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 11:34 - 2016-09-30 16:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 11:34 - 2016-09-30 16:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 11:34 - 2016-09-30 15:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 11:34 - 2016-09-30 15:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 11:34 - 2016-09-30 15:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 11:34 - 2016-09-30 15:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 11:34 - 2016-09-16 02:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 11:34 - 2016-09-16 02:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 11:34 - 2016-09-16 02:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 11:34 - 2016-09-16 02:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 11:34 - 2016-09-13 08:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 11:34 - 2016-09-13 08:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 11:34 - 2016-09-13 08:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 11:34 - 2016-09-13 08:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 11:34 - 2016-09-13 07:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 11:34 - 2016-09-13 07:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 11:34 - 2016-09-13 07:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 11:34 - 2016-09-13 07:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 11:34 - 2016-09-13 07:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 11:34 - 2016-09-13 07:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 11:34 - 2016-09-13 07:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 11:34 - 2016-09-13 07:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 11:34 - 2016-09-13 07:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 11:34 - 2016-09-13 06:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 11:34 - 2016-09-13 05:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 11:34 - 2016-09-13 05:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 11:34 - 2016-09-11 03:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 11:34 - 2016-09-11 02:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 11:34 - 2016-09-10 05:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 11:34 - 2016-09-10 05:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 11:34 - 2016-09-10 05:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 05:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 11:34 - 2016-09-10 05:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 11:34 - 2016-09-10 05:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 11:34 - 2016-09-10 05:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 11:34 - 2016-09-10 05:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 11:34 - 2016-09-10 04:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 11:34 - 2016-09-10 04:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 11:34 - 2016-09-10 04:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 11:34 - 2016-09-10 04:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 11:34 - 2016-09-10 04:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 11:34 - 2016-09-10 04:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 11:34 - 2016-09-10 04:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 11:34 - 2016-09-10 04:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 11:34 - 2016-09-10 04:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 11:34 - 2016-09-10 04:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 11:34 - 2016-09-10 04:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 11:34 - 2016-09-09 07:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 11:34 - 2016-09-09 07:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 11:34 - 2016-09-09 07:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 11:34 - 2016-09-09 07:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 11:34 - 2016-09-09 01:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 11:34 - 2016-09-09 01:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 11:28 - 2016-09-13 08:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 11:28 - 2016-09-13 08:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 11:28 - 2016-09-10 02:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 19:59 - 2016-10-11 19:59 - 00020345 _____ C:\Users\Ben\Documents\DSL-2730B_Ben_2016_10_11.csv
2016-10-11 05:30 - 2016-10-11 05:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-11 05:30 - 2016-10-11 05:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-11 05:30 - 2016-10-11 05:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 09:41 - 2016-10-10 10:07 - 153454533 _____ C:\Users\Ben\Desktop\Borland Delphi 7 Studio Enterprise.rar
2016-10-09 15:37 - 2016-10-09 15:37 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64
2016-10-09 15:37 - 2016-10-09 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tftpd64
2016-10-09 15:37 - 2016-10-09 15:37 - 00000000 ____D C:\Program Files\Tftpd64
2016-10-07 18:46 - 2016-10-07 18:46 - 00000000 ____D C:\Users\Ben\AppData\Local\CEF
2016-10-07 18:30 - 2016-10-07 18:30 - 00020415 _____ C:\Users\Ben\Documents\DSL-2730B_Ben_2016_10_ 7.csv
2016-10-07 08:06 - 2016-10-11 05:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-07 08:06 - 2016-10-07 08:06 - 00042792 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\SET9908.tmp
2016-09-30 13:39 - 2011-05-11 12:30 - 00152576 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\simusbnet.sys
2016-09-30 13:39 - 2011-05-11 12:29 - 00121856 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\simusbser.sys
2016-09-27 16:42 - 2016-09-27 16:42 - 00001069 _____ C:\Users\Ben\Desktop\AT Command Tester.lnk
2016-09-27 16:42 - 2016-09-27 16:42 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AT Command Tester
2016-09-27 16:42 - 2016-09-27 16:42 - 00000000 ____D C:\Program Files (x86)\AT Command Tester
2016-09-24 14:31 - 2016-08-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-24 14:31 - 2016-08-06 02:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-24 14:30 - 2016-08-30 02:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-24 14:30 - 2016-08-30 02:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-24 14:30 - 2016-08-30 02:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-24 14:30 - 2016-08-30 02:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-24 14:30 - 2016-08-30 02:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-24 14:30 - 2016-08-30 02:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-24 14:30 - 2016-08-30 02:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-24 14:30 - 2016-08-30 01:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-24 14:30 - 2016-08-17 07:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-09-24 14:30 - 2016-08-17 07:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-09-24 14:30 - 2016-08-13 04:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-24 14:30 - 2016-08-13 04:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-24 14:30 - 2016-08-13 04:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-09-24 14:30 - 2016-08-13 04:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-09-24 14:30 - 2016-08-13 04:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-09-24 14:30 - 2016-08-13 03:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-24 14:30 - 2016-08-13 03:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-24 14:30 - 2016-08-13 03:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-09-24 14:30 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-09-24 14:30 - 2016-08-13 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-09-24 14:30 - 2016-08-13 03:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-09-24 14:30 - 2016-08-07 02:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-09-24 14:30 - 2016-08-07 02:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-24 14:30 - 2016-08-07 02:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-09-24 14:30 - 2016-08-07 02:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-24 14:30 - 2016-08-07 02:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-24 14:30 - 2016-08-07 02:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-09-24 14:30 - 2016-08-07 02:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-24 14:30 - 2016-08-07 02:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-09-24 14:30 - 2016-08-07 01:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-24 14:30 - 2016-08-07 01:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-24 14:30 - 2016-08-07 01:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-09-24 14:30 - 2016-06-15 04:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-24 14:30 - 2016-06-15 04:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-09-24 14:30 - 2016-06-15 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-09-24 14:30 - 2016-06-15 04:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-09-24 14:30 - 2016-06-15 02:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-09-24 14:30 - 2016-06-15 02:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-09-24 14:30 - 2016-06-15 02:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-09-24 14:30 - 2016-06-15 02:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-09-24 14:30 - 2016-06-15 02:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-09-24 14:30 - 2016-06-15 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-09-24 14:30 - 2016-06-15 02:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-09-24 14:30 - 2016-06-15 02:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-09-24 14:30 - 2016-06-15 02:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-09-23 15:09 - 2016-09-23 15:09 - 00063862 _____ C:\Users\Ben\Desktop\Ethernet.zip
2016-09-22 20:46 - 2016-09-22 20:46 - 00020473 _____ C:\Users\Ben\Documents\DSL-2730B_Ben_2016_ 9_22.csv
2016-09-21 21:17 - 2016-10-15 21:21 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-17 16:52 - 2016-09-17 16:52 - 00020473 _____ C:\Users\Ben\Documents\DSL-2730B_Ben_2016_ 9_17.csv
2016-09-17 16:32 - 2016-08-17 04:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-17 16:32 - 2016-08-16 13:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-17 16:32 - 2016-08-13 03:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 16:32 - 2016-08-13 03:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 16:32 - 2016-08-13 03:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-17 16:28 - 2016-08-07 02:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-17 16:28 - 2016-08-07 02:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-16 18:01 - 2011-11-20 05:44 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\AuthenTec
2016-10-16 17:57 - 2016-08-18 11:52 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-16 17:21 - 2014-01-01 20:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-16 16:19 - 2014-01-01 20:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-16 16:16 - 2016-08-18 11:52 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-16 16:12 - 2014-08-09 17:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-16 16:07 - 2012-05-10 16:25 - 00000000 ____D C:\ProgramData\MFAData
2016-10-15 21:43 - 2009-07-14 16:13 - 00880262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-15 21:43 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-10-15 21:21 - 2016-03-21 20:18 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBen
2016-10-15 21:21 - 2016-03-21 20:18 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBen.job
2016-10-14 08:24 - 2014-04-17 18:57 - 00000000 ____D C:\Users\Ben\Documents\OllyDBG
2016-10-14 08:23 - 2016-08-02 20:45 - 00000000 ____D C:\A420
2016-10-13 10:01 - 2016-08-18 11:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 09:38 - 2009-07-14 15:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-13 09:38 - 2009-07-14 15:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-13 09:24 - 2015-12-07 07:09 - 00000091 _____ C:\HaxLogs.txt
2016-10-13 09:24 - 2012-09-17 12:32 - 00000000 ____D C:\Windows\Minidump
2016-10-13 09:24 - 2012-04-28 12:12 - 00000000 ____D C:\ProgramData\VMware
2016-10-13 09:24 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-13 09:24 - 2009-07-14 15:45 - 00475552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 09:23 - 2016-09-13 09:27 - 963735238 _____ C:\Windows\MEMORY.DMP
2016-10-13 09:23 - 2012-05-17 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-13 09:23 - 2012-05-17 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 21:21 - 2015-06-08 13:54 - 00000000 ____D C:\Users\Ben\AppData\Local\Arduino15
2016-10-12 21:21 - 2015-04-17 10:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 21:21 - 2014-05-20 14:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 21:20 - 2015-09-19 15:14 - 00000000 ____D C:\Users\Ben\.oracle_jre_usage
2016-10-12 21:16 - 2012-05-16 20:30 - 00000000 ____D C:\Program Files (x86)\arduino
2016-10-12 20:03 - 2016-05-10 19:03 - 00000000 ____D C:\Users\Ben\.gimp-2.8
2016-10-12 11:50 - 2015-04-17 10:14 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 11:38 - 2015-04-17 10:13 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-12 11:37 - 2012-05-17 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 19:54 - 2016-09-06 22:27 - 00001513 _____ C:\Users\Ben\Desktop\Work Diary.txt
2016-10-10 10:46 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2016-10-10 09:49 - 2015-08-22 16:54 - 00000000 ____D C:\Users\Ben\Documents\Pneumatic Bench Press
2016-10-09 13:49 - 2013-05-01 17:28 - 00000000 ____D C:\Users\Ben\Documents\Work Dad
2016-10-09 13:33 - 2015-01-17 00:00 - 00000000 ____D C:\Users\Ben\Desktop\Mum Camera
2016-10-07 22:45 - 2012-04-10 15:28 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-10-07 18:55 - 2015-12-27 14:54 - 00000000 ____D C:\Users\Ben\AppData\Roaming\eM Client
2016-10-07 18:46 - 2015-12-27 14:53 - 00000000 ____D C:\Program Files (x86)\eM Client
2016-10-07 18:45 - 2015-12-27 14:53 - 00000926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2016-10-05 16:23 - 2014-03-07 16:15 - 00000000 ____D C:\Program Files\SharePoint Client Components
2016-09-30 12:47 - 2014-01-01 20:57 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-24 16:07 - 2014-10-21 13:54 - 00000863 _____ C:\Users\Ben\Desktop\mfb excel notes.txt
2016-09-24 15:25 - 2015-12-15 11:47 - 00004015 _____ C:\Users\Ben\AppData\Roaming\LTspiceIV.ini
2016-09-24 15:25 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-24 15:25 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\Dism
2016-09-24 14:36 - 2011-12-04 14:05 - 00864572 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-23 14:46 - 2015-03-25 14:59 - 00000000 ____D C:\Users\Ben\Documents\Type B Course
2016-09-22 13:35 - 2012-02-19 18:41 - 00000000 ____D C:\Users\Ben\Documents\Visual Studio 2010
2016-09-22 12:22 - 2015-09-19 14:28 - 00001169 _____ C:\Users\Public\Desktop\B4A.lnk
2016-09-22 12:22 - 2015-09-19 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B4A
2016-09-21 14:58 - 2012-02-23 12:31 - 00000000 ____D C:\Users\Ben\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-12-15 11:47 - 2016-09-24 15:25 - 0004015 _____ () C:\Users\Ben\AppData\Roaming\LTspiceIV.ini
2015-11-28 09:46 - 2015-11-28 09:46 - 29380776 _____ (Sony Mobile Communications                                  ) C:\Users\Ben\AppData\Local\pcc.exe
2011-11-22 11:06 - 2011-11-22 11:06 - 0001543 _____ () C:\Users\Ben\AppData\Local\PDLSetup.20111122.110622.txt
2011-12-31 15:03 - 2011-12-31 15:04 - 0001566 _____ () C:\Users\Ben\AppData\Local\PDLSetup.20111231.150358.txt
2016-10-12 20:02 - 2016-10-12 20:02 - 0002160 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2011-12-11 12:59 - 2016-01-16 18:34 - 0007614 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2011-05-22 13:45 - 2011-05-22 13:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-30 15:19 - 2011-01-30 15:19 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-05-22 13:45 - 2011-05-22 13:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-30 15:18 - 2011-01-30 15:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-05-22 13:44 - 2011-05-22 13:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-30 15:18 - 2011-01-30 15:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
ZeroAccess:
C:\Users\Ben\AppData\Local\Google\Desktop\Install
 
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\avguirn_081333590741.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmylqb3.dll
C:\Users\Ben\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-10 10:39
 
==================== End of FRST.txt ============================

 

 



#2 Starbuck

  • Malware Response Team

Posted 16 October 2016 - 12:14 PM

Hi mindstorms81

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, uTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install.
  • Click Finish.
  • When the program opens, click Scan.
  • Click Start Scan.
  • Double check anything found and tick to select items to be removed.
  • Click Remove Selected.
  • When the items have been removed, click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
In your next reply, please submit:
Fixlog.txt
RogueKiller report


Thanks.



#3 mindstorms81

  • Topic Starter


Posted 17 October 2016 - 06:31 AM

Hello,
 
Please find attached requested reports,
 
Regards,
 
Ben.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by Ben (17-10-2016 07:03:55) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {14c30cdf-887f-11e6-b5e1-cc52af86b6f8} - E:\startme.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {1556e0e4-9274-11e5-a010-ce117944917e} - E:\startme.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {27a30da5-e3bf-11e2-8008-2c27d7a9969c} - D:\Setup.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {3d66753b-1abe-11e3-97e7-95ec32960685} - F:\Setup.exe
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\...\MountPoints2: {6c81a01e-41ea-11e4-a451-e7fbd1ed7687} - F:\Setup.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
Toolbar: HKU\S-1-5-21-2420124301-4185568838-3241564264-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [X]
C:\Users\Ben\AppData\Local\Google\Desktop\Install
C:\Users\Ben\AppData\Local\Temp\avguirn_081333590741.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmylqb3.dll
C:\Users\Ben\AppData\Local\Temp\i4jdel0.exe
Task: {16419238-8938-48FB-973D-959E9961686E} - System32\Tasks\{A4DD50A5-C617-44E7-835E-67EF16568EFC} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {DBD7205B-FE3F-4C70-B553-3376AEB6DDF0} - System32\Tasks\{00622409-A5FF-4371-860D-8E5991A3E568} => pcalua.exe -a C:\Users\Ben\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_77\bin" -c /installmethod=jau-m FAMILYUPGRADE=1 <==== ATTENTION
Task: {C1A3563F-0ED0-4828-B9D2-A8CBEBD9082D} - System32\Tasks\{309D8C97-79DB-4CF2-9A4E-4A70723DDBB8} => pcalua.exe -a "C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SS5SCI0\vmp_full_installer.exe" -d C:\Users\Ben\Desktop
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14c30cdf-887f-11e6-b5e1-cc52af86b6f8}" => key removed successfully
HKCR\CLSID\{14c30cdf-887f-11e6-b5e1-cc52af86b6f8} => key not found. 
"HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1556e0e4-9274-11e5-a010-ce117944917e}" => key removed successfully
HKCR\CLSID\{1556e0e4-9274-11e5-a010-ce117944917e} => key not found. 
"HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27a30da5-e3bf-11e2-8008-2c27d7a9969c}" => key removed successfully
HKCR\CLSID\{27a30da5-e3bf-11e2-8008-2c27d7a9969c} => key not found. 
"HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d66753b-1abe-11e3-97e7-95ec32960685}" => key removed successfully
HKCR\CLSID\{3d66753b-1abe-11e3-97e7-95ec32960685} => key not found. 
"HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c81a01e-41ea-11e4-a451-e7fbd1ed7687}" => key removed successfully
HKCR\CLSID\{6c81a01e-41ea-11e4-a451-e7fbd1ed7687} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => value removed successfully
HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found. 
HKU\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
BTCFilterService => service removed successfully
clwvd => service removed successfully
dbx => service removed successfully
motandroidusb => service removed successfully
motccgp => service removed successfully
motccgpfl => service removed successfully
motmodem => service removed successfully
MotoSwitchService => service removed successfully
Motousbnet => service removed successfully
motusbdevice => service removed successfully
pcidnt => service removed successfully
C:\Users\Ben\AppData\Local\Google\Desktop\Install => moved successfully
C:\Users\Ben\AppData\Local\Temp\avguirn_081333590741.exe => moved successfully
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmylqb3.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\i4jdel0.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16419238-8938-48FB-973D-959E9961686E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16419238-8938-48FB-973D-959E9961686E}" => key removed successfully
C:\Windows\System32\Tasks\{A4DD50A5-C617-44E7-835E-67EF16568EFC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4DD50A5-C617-44E7-835E-67EF16568EFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD7205B-FE3F-4C70-B553-3376AEB6DDF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD7205B-FE3F-4C70-B553-3376AEB6DDF0}" => key removed successfully
C:\Windows\System32\Tasks\{00622409-A5FF-4371-860D-8E5991A3E568} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{00622409-A5FF-4371-860D-8E5991A3E568}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A3563F-0ED0-4828-B9D2-A8CBEBD9082D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A3563F-0ED0-4828-B9D2-A8CBEBD9082D}" => key removed successfully
C:\Windows\System32\Tasks\{309D8C97-79DB-4CF2-9A4E-4A70723DDBB8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{309D8C97-79DB-4CF2-9A4E-4A70723DDBB8}" => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 125878103 B
Java, Flash, Steam htmlcache => 1683 B
Windows/system/drivers => 182799000 B
Edge => 0 B
Chrome => 608009700 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 83708 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43353641 B
systemprofile32 => 764161 B
LocalService => 66228 B
NetworkService => 69878 B
Ben => 1321462267 B
 
 
 
RogueKiller V12.7.2.0 (x64) [Oct 15 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ben [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/17/2016 07:14:01 (Duration : 15:07:23)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 22 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Viewpoint -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\W3i -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\eSupport.com -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\SlimWare Utilities Inc -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Viewpoint -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\eSupport.com -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\SlimWare Utilities Inc -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Viewpoint -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Viewpoint Service ("C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe") -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Viewpoint Service ("C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe") -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AB680061-2260-40AE-BB31-81A6C0962486} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\users\ben\appdata\roaming\allmyapps\allmyapps.exe|Name=Allmyapps| [x] -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AB680061-2260-40AE-BB31-81A6C0962486} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\users\ben\appdata\roaming\allmyapps\allmyapps.exe|Name=Allmyapps| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2420124301-4185568838-3241564264-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\Users\Ben\AppData\Roaming\Allmyapps -> Deleted
[PUP][Folder] C:\ProgramData\Viewpoint -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\config.ini -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\63ECC6E2C349425BA550B27F54E93D8A38C9E4E5.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\6637A0A24788498B3F31D5E68500FED78348AC77.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\6A166E84C45EC276DBB65A7996EFB86E493B4957.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\8222A8889710CA16BC92F3A16611AD25AB7B8F46.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\8275D32A80F42B9352E82330BF30951492F85414.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\8523BA4BDD26C9015372E0612388D3A693ECF825.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\EA9989A475C1C7E141B4CF4C02FDC7F94A1A6D74.dat -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache\FBC98F6BFA9328F33B48DFB25539F435C30FFA74.dat -> Deleted
[PUP][Folder] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads\Cache -> Deleted
[PUP][Folder] C:\ProgramData\Viewpoint\Viewpoint Manager\Downloads -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\history.ini -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\locate-akamai.mtx -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\locate.mtz -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\policy-akamai.mtx -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\ServicesRegistry.xml -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\updates-akamai.mtx -> Deleted
[PUP][File] C:\ProgramData\Viewpoint\Viewpoint Manager\vdt.dat -> Deleted
[PUP][Folder] C:\ProgramData\Viewpoint\Viewpoint Manager -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Common\VistaBoot.sdll -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Common -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\CPtask.xml -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCP.cpl -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\images -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\options.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPData -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewCPexe.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgrCore.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Manager -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\AxMetaStream.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\ComponentMgr.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\Cursors.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\SWFView.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\SWFViewHost.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\Components -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\DownloadedComponents -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\HostRegistry.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\MetaStreamID.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\NewComponents -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.xpt -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\UserShell\AOL9 -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\UserShell -> Deleted
[PUP][File] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\VMPUpdateCount.ini -> Deleted
[PUP][Folder] C:\Program Files (x86)\Viewpoint\Viewpoint Media Player -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
--- User ---
[MBR] cf15d1a50f2a19fe1e0a297a2f09cc6f
[BSP] 0c41d3f5e40c8e0c3d69ba32c69b35ac : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 912847 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 1869922302 | Size: 40821 MB
User = LL1 ... OK
User = LL2 ... OK


#4 Starbuck

Posted 17 October 2016 - 06:55 AM

That's looking a lot better.
How's the system running now?



#5 mindstorms81

Posted 18 October 2016 - 04:59 AM

Cheers Starbuck. The system seems to be running fine.

Would any of the issues found have caused any security breaches? e.g. Stolen passwords etc.?

#6 Starbuck

Posted 18 October 2016 - 11:37 AM

Hi mindstorms
 

Would any of the issues found have caused any security breaches? e.g. Stolen passwords etc.?

With this type of malware we have no way of telling what has been done, so yes, I'd suggest changing your passwords for anything you use the PC for. (Better to be safe than sorry.)

I have a little more work for you :)

Security Issues

These are out of date and pose a security risk:

Adobe Flash Player 19
Adobe Reader XI
Adobe Shockwave Player 11.5


You can download the latest versions from the links below.

Adobe Flash Player

Latest version: https://get.adobe.com/flashplayer/

Unclick the optional offer of installing McAfee Security Scan and True Key by Intel Security before clicking Install now.


Adobe Reader

Latest version: https://get.adobe.com/uk/reader/

Unclick the optional offer of installing McAfee Security Scan and True Key by Intel Security before clicking Install now.


Adobe Shockwave Player

Latest version: https://get.adobe.com/shockwave/

-----------------
As you have the latest version of Java, these older versions should be removed.
Older versions have vulnerabilities that malware can use to infect your system.

Java SE Development Kit 7 Update 45
Java SE Development Kit 8 Update 60


----------------
QuickTime 7

Please uninstall QuickTime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.



After a scan by Malwarebytes, some folders have been detected as, "Trojan.0Access".

Run MBAM again.....
Is the MBAM scan showing clean now?



#7 mindstorms81

Posted 18 October 2016 - 06:55 PM

Starbuck,

I have uninstalled/updated the applications you mentioned.

Completed another MBAM scan and the report is as follows:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/10/2016
Scan Time: 9:57 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.18.14
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ben
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446216
Time Elapsed: 52 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\drivers\SWDUMon.sys, , [4c2d24eb13f611ac742809a2aaa25be1], 
PUP.Optional.DriverUpdate, C:\Users\Ben\AppData\Local\AVG Netherlands BV\AVG Driver Updater\SWDUMon.sys, , [b7ff4852f2a83bfbf29d5cb762a3f808], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AVG had completed an auto-update today.


#8 Starbuck

Posted 19 October 2016 - 11:09 AM

Hi mindstorms

All looking good now. :)

Let's finish the cleaning process and remove the tools we have used.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select all items (if any are there) and then click the Delete button.
Close MBAM.

Step 2
FRST can now be removed:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder

Step 3
RogueKiller AntiMalware can be uninstalled from the uninstall list:

Win7:
Click the Start button >> Control Panel >> Programs >> Programs and Features.

Win8:
Right click on the Start button >> select Programs and Features

Win10:
Right click on the Start button >> select Programs and Features


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program at a time

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Install an AdBlocker
Firefox: uBlock Origin
Google Chrome: uBlock Origin

uBlock Origin is NOT an "ad blocker" as such: it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

Internet Explorer:
Adblock Plus for Internet Explorer

P2P programs/Torrents
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

Edited by Starbuck, 19 October 2016 - 11:10 AM.


#9 mindstorms81

Posted 20 October 2016 - 04:36 PM

Thanks Starbuck for all your help. Much appreciated.

This topic can now be removed from the forums.

Kind Regards,

Ben.



#10 Starbuck

Posted 20 October 2016 - 04:53 PM

You are more than welcome mindstorms

We don't remove threads, but we do lock them.

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
