
Am I infected, computer running slow when on internet


  • This topic is locked
12 replies to this topic

#1 Webtracker


  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 06 November 2016 - 02:21 PM

I have been having some issues for the last few weeks with my internet. The computer does seem to be running fine most of the time, but when I am responding to my emails, or writing new emails using Internet Explorer 11, it is just so slow: I start typing and it takes a few seconds for the typing to catch up, and I am not even a fast typer. There is a delay of at least two to three seconds before I can continue typing my email. Browsing and downloading speeds seem to be fine. I ran a number of tools to see if this would be a virus; for some of the tools I ran I do not know how to interpret the results. I am using Windows 7 Professional and Office 2007 (I am not using Outlook for my emails; I log into the web-based interface to do the majority of my emails). I have run the following tools with no malware found: Malwarebytes, JRT, AdwCleaner, RogueKiller, and the Emsisoft Emergency Kit. Nothing serious was found except for false positives and browser settings. I did use the TFC (Temp File Cleaner) tool to remove old temp files. I do have Spybot Search & Destroy and MS Security Essentials installed and running in the background. I have run FRST64 but I do not understand what to look for or how to fix problems. All my other applications seem to be running fine.

I normally log on as a user without admin rights, and only when I want to install applications or configure my computer do I log on with the administrator account. I have noticed some strange behavior when I do log on as administrator, such as popups from MS Security Essentials. It says it found something and wants me to restart my computer to finish cleanup, but after the restart I get the same popup. I can attach the FRST files for analysis. Then you can recommend how to proceed. I have Chrome installed and use it as my default browser when checking my Outlook (Hotmail) email or my Gmail. Oh, I do have 4 GB RAM and a quad-core processor.

The computer works fine most of the time as far as speed is concerned; it is just when I am composing my emails in Chrome, and now with the issues in MS Security Essentials. Maybe I just need to reinstall the app. Chrome has the latest updates installed.

Edited by Webtracker, 06 November 2016 - 02:28 PM.




#2 Webtracker

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 06 November 2016 - 02:41 PM

Attached File: popup.PNG (23.86KB, 0 downloads)

I am getting a new popup after I updated Chrome and restarted it. I have never seen this type of popup and do not know if it is legit... I have attached the snip file that I created using the Snipping Tool. The popup states MS Security Essentials wants to reset your Chrome settings to default and change my home page, etc. See attachment.

 

I actually found out the reason Microsoft Security Essentials was asking to restart is because it detected a severe trojan horse virus, Behavior:Win32/Powessere.D, which it did quarantine, but RogueKiller runs so far and then it quits.


Edited by Webtracker, 06 November 2016 - 04:29 PM.


#3 nasdaq


  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:55 AM

Posted 08 November 2016 - 11:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3625527535-722659519-321427626-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Chrome Media Router) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-15]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

===

Reset Chrome THIS WAY.
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

If Firefox is giving you some problems.
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.
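The fixlist above targets three classes of findings: local Group Policy storage that restricts software and Chrome (the "GroupPolicy: Restriction" and "CHR HKLM\SOFTWARE\Policies\Google" lines), and shell icon overlay handlers whose CLSID points to no file ("=> No File"). As an added example that is not part of this thread and is not FRST's own code, the PowerShell below reports those same classes read-only, so a defender can see what is present before and after a fix without deleting anything. The function names are mine; the registry keys and folders are the standard Windows locations (assumed, not taken from the log), and on a domain-joined or admin-managed machine the local Group Policy files and Chrome policies can be perfectly legitimate.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the three
# item classes the fixlist above targets. Function names are my own; the registry
# and folder locations are the standard Windows ones (assumed). Run from an
# elevated 64-bit PowerShell. Nothing is modified or deleted.

function Get-LocalGroupPolicyArtifacts {
    # Local GPO storage that FRST reports as "GroupPolicy: Restriction" when present
    # on a stand-alone PC. On a domain-joined or admin-managed machine this is normal.
    $paths = @(
        "$env:SystemRoot\System32\GroupPolicy\gpt.ini",
        "$env:SystemRoot\SysWOW64\GroupPolicy\gpt.ini",
        "$env:SystemRoot\System32\GroupPolicy\Machine",
        "$env:SystemRoot\System32\GroupPolicy\User"
    )
    $perUser = Get-ChildItem -LiteralPath "$env:SystemRoot\System32\GroupPolicyUsers" -Directory -ErrorAction SilentlyContinue
    $paths += @($perUser | ForEach-Object { $_.FullName })
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Class = 'LocalGroupPolicy'; Item = $p; Detail = 'present' }
        }
    }
}

function Get-ChromePolicyValues {
    # Values under HKLM\SOFTWARE\Policies\Google override the user's Chrome settings and
    # cannot be changed from the Chrome UI; FRST lists the key as a "Restriction".
    foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Wow6432Node\Policies\Google') {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Class  = 'ChromePolicy'
                    Item   = "$($key.Name)\$name"
                    Detail = ($key.GetValue($name) -join ',')
                }
            }
        }
    }
}

function Resolve-ServerDll {
    # Expand %vars% and strip quotes; a bare file name is looked up in System32 and
    # SysWOW64, which is where the loader would also find it.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim().Trim('"'))
    if ($p -notmatch '[\\/]') {
        foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
            $cand = Join-Path $dir $p
            if (Test-Path -LiteralPath $cand) { return $cand }
        }
    }
    return $p
}

function Get-OrphanShellIconOverlays {
    # Overlay handlers whose CLSID has no loadable DLL, which FRST shows as "=> No File".
    $views = @(
        @{ Overlay = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid   = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Overlay = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid   = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        foreach ($entry in Get-ChildItem -LiteralPath $v.Overlay -ErrorAction SilentlyContinue) {
            $guid   = $entry.GetValue('')                      # default value holds the handler CLSID
            $server = "$($v.Clsid)\$guid\InprocServer32"
            $raw    = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
            $dll    = Resolve-ServerDll $raw
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{
                    Class  = 'ShellIconOverlay'
                    Item   = "[$($entry.PSChildName)] -> $guid"
                    Detail = $(if ($dll) { "No File: $dll" } else { 'No InprocServer32' })
                }
            }
        }
    }
}

# Collect and print; an empty table means none of the three classes was found.
$findings = @(Get-LocalGroupPolicyArtifacts) + @(Get-ChromePolicyValues) + @(Get-OrphanShellIconOverlays)
$findings | Format-Table -AutoSize
```

Running it once before the fix and once after the reboot gives a before/after picture that is easier to compare than the raw Fixlog, and the Chrome policy listing shows exactly which settings were being forced on the browser rather than only that the key existed.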

#4 Webtracker

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 09 November 2016 - 09:06 PM

First, I want to thank you for helping me. I did not realize you had posted an answer to my thread until I checked this evening. Here are my results.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Robert (09-11-2016 18:51:21) Run:1
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & Blinky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3625527535-722659519-321427626-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Chrome Media Router) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-15]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => not found
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => not found
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => not found
HKU\S-1-5-21-3625527535-722659519-321427626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => not found
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key could not remove. Access Denied.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key could not remove. Access Denied.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
 
"C:\Windows\system32\GroupPolicy\Machine" folder move:
 
Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
 
"C:\Windows\system32\GroupPolicy\User" folder move:
 
Could not move "C:\Windows\system32\GroupPolicy\User" => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User" => not found.
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
 
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User" folder move:
 
Could not move "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User" => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
 
"C:\Windows\system32\GroupPolicy\Machine" folder move:
 
Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKU\S-1-5-21-3625527535-722659519-321427626-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3625527535-722659519-321427626-1000-{{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3625527535-722659519-321427626-1000-{{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key could not remove. Access Denied.
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
dgderdrv => service could not remove
DgiVecp => service could not remove
"C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24296290 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 49421354 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
Robert => 1517297 B
Blinky => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 71.7 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-11-2016 18:59:35)
 
==> ATTENTION: System is not rebooted.
"C:\Windows\system32\GroupPolicy\Machine" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\system32\GroupPolicy\User" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\system32\GroupPolicy\Machine" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
"C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Could not move
 
==== End of Fixlog 18:59:35 ====
 
Waiting to see where to go next. Thanks again for your help. I do not have Firefox installed, but I cleared the browser settings in Chrome and set them to factory default as suggested. I also cleared the browsing history and cleared the cache.

I also reset my Internet Explorer settings as well: cleared the cache and reset the settings to default.

Before I received your response I tried to run RogueKiller several times; it goes so far, then it just shuts down, then all of a sudden MS Security Essentials says it found an infection and is cleaning it. Then when I opened Chrome I got a message saying that MS Security Essentials has found an infection, and I get that popup previously posted, even after manually resetting the Chrome settings and clearing the browsing history and cookies. I tried unplugging my network cable as I did not want to be further infected, but I noticed that when I run the FRST application as you instructed it tries to update, so I plugged the network cable back in. The FRST application did what it was supposed to: it ran, then it restarted the computer and took quite a while to apply settings. It rebooted twice while installing updates, which is a good sign that it was doing something. Now Windows is asking to install Windows updates, but I want to wait for further advice before I do so. I am running RogueKiller; it scanned so far a number of times, then it crashes and MS Security Essentials says it found an infection and is cleaning it. I am wondering if it has to do with the malware that RogueKiller found and quarantined, and MS Security Essentials caught the error and halted the application, as that is what seemed to have happened. I am running a scan with RogueKiller once more, just to see if it can run without crashing again. It has already found six items. Sorry for going ahead of you; I just wanted to make sure I am clean now.

I guess I am still infected, as MS Security Essentials did a scan and found Behavior:Win32/Powessere.D.
See attachment.
 

Edited by Webtracker, 09 November 2016 - 09:55 PM.
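The Fixlog above is a good illustration of a fix that only partly applied: the restore point failed, several keys survived with "Access Denied", the Group Policy folders were only scheduled to move, and the footer says "System is not rebooted". As an added example that is not part of this thread and is not FRST's own code, the PowerShell below runs a small triage over lines of that shape and states what is still outstanding. The sample lines are copied in form from the posted log; the patterns matched are my assumptions about FRST's wording, not a specification of its output.

```powershell
# Added example, not from the thread or from FRST: triage of a Fixlog.txt such as the
# one posted above. The sample lines are taken in shape from the posted log; the
# regexes are assumptions about FRST's wording. Function name is my own.

$sampleFixlog = @'
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => not found
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key could not remove. Access Denied.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
dgderdrv => service could not remove
EmptyTemp: => 71.7 MB temporary data Removed.
==> ATTENTION: System is not rebooted.
"C:\Windows\system32\GroupPolicy\Machine" => Could not move
'@

function Get-FixlogSummary {
    param([Parameter(Mandatory)][string[]]$Lines)

    # Each class of outcome FRST reports, matched on the phrasing seen in the log.
    $denied   = @($Lines | Where-Object { $_ -match 'could not remove\. Access Denied' })
    $services = @($Lines | Where-Object { $_ -match '=> service could not remove\s*$' })
    $pending  = @($Lines | Where-Object { $_ -match 'Scheduled to move on reboot' })
    $notMoved = @($Lines | Where-Object { $_ -match '=> Could not move\s*$' })
    $absent   = @($Lines | Where-Object { $_ -match '=> (key |value )?not found\.?\s*$' })
    $noReboot = [bool]($Lines | Where-Object { $_ -match 'System is not rebooted' })
    $noRp     = [bool]($Lines | Where-Object { $_ -match 'Failed to create a restore point' })

    $notes = New-Object System.Collections.Generic.List[string]
    if ($noRp) {
        $notes.Add('No restore point was created, so there is no rollback for this fix.')
    }
    if ($denied.Count) {
        $notes.Add("$($denied.Count) registry key(s) survived with Access Denied and are still present.")
    }
    if ($services.Count) {
        $notes.Add("$($services.Count) service entry(ies) could not be removed.")
    }
    if ($noReboot -and $pending.Count) {
        $notes.Add("$($pending.Count) move(s) are queued for the next reboot; the log was written before restarting.")
    }
    if (-not $noReboot -and $notMoved.Count) {
        $notes.Add("$($notMoved.Count) item(s) still could not be moved after the reboot.")
    }

    [pscustomobject]@{
        AccessDenied      = $denied
        ServicesKept      = $services
        PendingReboot     = $pending
        NotFoundCount     = $absent.Count      # nothing to do for these
        RebootStillNeeded = $noReboot
        Verdict           = $(if ($notes.Count -eq 0) { 'Fix applied cleanly.' }
                              else { 'Fix incomplete: ' + ($notes -join ' ') })
    }
}

# On the sample: 2 Access Denied keys, 1 service kept, 1 move pending, reboot still needed.
$summary = Get-FixlogSummary -Lines ($sampleFixlog -split "`r?`n")
$summary | Format-List
```

Replace `$sampleFixlog` with `Get-Content .\Fixlog.txt` to run it over a real log. The point of the verdict line is the reboot check: a Fixlog that ends with "System is not rebooted" cannot be read as a final result, which is why the helper asks for the log after the restart.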


#5 nasdaq


  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:55 AM

Posted 10 November 2016 - 10:11 AM



Apparently Windows Defender can remove this infection.
https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Behavior%3AWin32%2FPowessere.D

Disable Microsoft Security Essentials and run the Windows Defender security program.

Restart the computer normally.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

p.s.
Please run the Farbar program normally and post fresh FRST and Addition.txt files for my review.

#6 Webtracker

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 11 November 2016 - 01:31 AM

I think I am clean... I did a scan with Windows Defender Offline (created a bootable device that booted to the Windows Defender Offline scan and ran the scan that way). It did not find any infections, although it took over 2 hours to run.

I then ran the Zoek app. Here are the results:

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Blinky on Thu 11/10/2016 at 22:50:33.64.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: I:\virus help\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/10/2016 10:51:33 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MarkAny deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\CDBurnerXP deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Blinky\AppData\Local\CrashDumps deleted successfully
C:\Users\Blinky\AppData\Local\VirtualStore deleted successfully
C:\Users\Robert\AppData\Local\FluxSoftware deleted successfully
C:\Users\Robert\AppData\Local\MigWiz deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\MarkAny not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\Robert\.android deleted
C:\Users\Blinky\AppData\Roaming\WB.CFG deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Blinky\AppData\Roaming\Lesulecege" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [02/07/2016 02:31 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.89
 
 
Chrome Media Router - Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Kindle Cloud Reader - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcidnhfgllloclgemladhopcimnmokl
Chrome Media Router - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{d4fee3d1-1014-4db8-a824-573bf9ab51c7}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
 
==== Reset Google Chrome ======================
 
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3625527535-722659519-321427626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GwxControlPanelMonitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blinky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blinky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=9 folders=6 24412 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Blinky\AppData\Local\Temp will be emptied at reboot
C:\Users\Robert\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Blinky\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 11/10/2016 at 23:09:12.69 ======================
 
 
Here are the FRST and Addition txt files from the FRST scan I ran:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Blinky (administrator) on OFFICE (10-11-2016 23:10:26)
Running from C:\Users\Blinky\Desktop
Loaded Profiles: Blinky (Available Profiles: Robert & Blinky)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 64.59.184.17 64.59.191.229 64.59.191.229
Tcpip\..\Interfaces\{A5768643-7B94-4822-B286-032FE8645313}: [DhcpNameServer] 64.59.184.17 64.59.191.229 64.59.191.229
 
Internet Explorer:
==================
HKU\S-1-5-21-3625527535-722659519-321427626-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131232194830317979&GUID=7932557E-05B6-4F15-BFC0-0845A2846F66
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3625527535-722659519-321427626-1001 -> DefaultScope {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3625527535-722659519-321427626-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3625527535-722659519-321427626-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-07] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [79192 2015-07-01] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-11-09] (Sunbelt Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-11-09] ()
S4 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 23:05 - 2016-11-10 22:50 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-10 22:50 - 2016-11-10 23:02 - 00000000 ____D C:\zoek_backup
2016-11-10 19:58 - 2016-11-10 19:58 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-11-09 19:25 - 2016-11-09 19:25 - 25531464 _____ C:\Users\Blinky\Desktop\RogueKillerX64.exe
2016-11-09 18:51 - 2016-11-09 18:59 - 00009547 _____ C:\Users\Robert\Desktop\Fixlog.txt
2016-11-07 01:22 - 2016-11-07 01:22 - 00000000 ____D C:\Users\Blinky\Desktop\tdsskiller
2016-11-07 01:12 - 2016-11-07 01:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-11-07 00:50 - 2016-11-07 04:29 - 00000000 ____D C:\VIPRERESCUE
2016-11-07 00:50 - 2016-11-07 00:50 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2016-11-07 00:50 - 2010-11-09 14:56 - 00049752 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys
2016-11-07 00:50 - 2010-11-09 14:56 - 00027472 _____ (Sunbelt Software) C:\Windows\system32\sbbd.exe
2016-11-07 00:44 - 2016-11-07 00:46 - 00197286 _____ C:\TDSSKiller.3.1.0.11_07.11.2016_00.44.41_log.txt
2016-11-07 00:43 - 2016-11-10 22:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-07 00:43 - 2016-11-07 00:43 - 00000366 _____ C:\TDSSKiller.3.0.0.19_07.11.2016_00.43.51_log.txt
2016-11-07 00:41 - 2016-11-07 00:41 - 00138521 _____ C:\Users\Blinky\Desktop\ThreatList.txt
2016-11-07 00:38 - 2016-11-07 00:46 - 00000112 ___RH C:\Users\Blinky\Desktop\Stinger.opt
2016-11-07 00:34 - 2016-11-07 00:34 - 00000000 ____D C:\Program Files\McAfee
2016-11-07 00:33 - 2016-11-07 00:46 - 00000000 ____D C:\Program Files (x86)\stinger
2016-11-07 00:33 - 2016-11-07 00:33 - 16787824 _____ (McAfee Inc) C:\Users\Blinky\Desktop\stinger32.exe
2016-11-07 00:25 - 2016-11-07 01:27 - 00000000 ____D C:\Users\Blinky\Desktop\mbar
2016-11-06 21:59 - 2016-11-06 21:59 - 00001879 _____ C:\Users\Blinky\Desktop\JRT.txt
2016-11-06 21:59 - 2016-11-06 10:59 - 02410496 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-11-06 21:59 - 2016-11-03 22:43 - 03910208 _____ C:\Users\Robert\Desktop\adwcleaner_6.030.exe
2016-11-06 21:59 - 2016-07-17 09:40 - 01610560 _____ (Malwarebytes) C:\Users\Robert\Desktop\JRT.exe
2016-11-06 21:53 - 2016-11-06 21:56 - 00001420 _____ C:\Users\Blinky\Desktop\Rkill.txt
2016-11-06 16:33 - 2016-11-06 16:33 - 00000000 ____D C:\Users\Robert\AppData\Local\GlassWire
2016-11-06 12:01 - 2016-11-06 12:01 - 00000000 ____D C:\Users\Blinky\AppData\Local\GlassWire
2016-11-06 11:44 - 2016-11-06 11:44 - 00000000 ____D C:\ProgramData\GlassWire
2016-11-06 11:01 - 2016-11-06 23:02 - 00028543 _____ C:\Users\Blinky\Desktop\Addition.txt
2016-11-06 10:59 - 2016-11-10 23:11 - 00010859 _____ C:\Users\Blinky\Desktop\FRST.txt
2016-11-06 10:59 - 2016-11-06 10:59 - 02410496 _____ (Farbar) C:\Users\Blinky\Desktop\FRST64.exe
2016-11-06 10:55 - 2016-11-06 10:55 - 33651696 _____ (Adlice Software ) C:\Users\Blinky\Desktop\Rogue killer.exe
2016-11-03 23:24 - 2016-11-03 23:25 - 00004358 _____ C:\Users\Robert\Desktop\Rkill.txt
2016-11-03 23:03 - 2016-11-03 23:03 - 00000000 ____D C:\Users\Blinky\AppData\Local\Deployment
2016-11-03 23:03 - 2016-11-03 23:03 - 00000000 ____D C:\Users\Blinky\AppData\Local\Apps\2.0
2016-11-03 22:43 - 2016-11-03 22:43 - 03910208 _____ C:\Users\Blinky\Desktop\adwcleaner_6.030.exe
2016-11-03 22:40 - 2016-06-18 22:15 - 00448512 _____ (OldTimer Tools) C:\Users\Blinky\Desktop\TFC.exe
2016-11-03 19:24 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-03 19:24 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-03 19:24 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-03 19:24 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-03 19:24 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-03 19:24 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-02 22:18 - 2016-11-02 22:31 - 00013560 _____ C:\Users\Robert\Downloads\DellSystemDetectLauncher.Application
2016-11-02 21:48 - 2016-11-02 21:48 - 08402902 _____ C:\Users\Robert\Downloads\optiplex-9030-aio_owner's manual_en-us.pdf
2016-11-02 20:39 - 2016-11-02 20:39 - 00054548 _____ C:\Users\Robert\Downloads\technet.microsoft.com-Slmgrvbs Options for Volume Activation.pdf
2016-11-02 20:37 - 2016-11-02 20:37 - 00404226 _____ C:\Users\Robert\Downloads\howtogeek.com-How to Use Slmgr to Change Remove or Extend Your Windows License.pdf
2016-11-02 19:02 - 2016-11-02 19:02 - 00277360 _____ C:\Users\Robert\Downloads\103116-80293-01.dmp
2016-11-02 18:47 - 2016-11-02 18:47 - 00031135 _____ C:\Users\Robert\Downloads\EsponExample.pdf
2016-11-01 18:11 - 2016-11-01 18:11 - 00807385 _____ C:\Users\Robert\Downloads\20161101073125335.pdf
2016-10-31 19:50 - 2016-10-31 19:50 - 00005099 _____ C:\Users\Robert\Documents\disjoin_rejoin_2_domain.txt
2016-10-31 18:48 - 2016-10-31 18:48 - 00066740 _____ C:\Users\Robert\Downloads\muscleforlife.com-How to Track Your Body Composition in 3 Simple Steps.pdf
2016-10-31 18:18 - 2016-10-31 18:18 - 00317618 _____ C:\Users\Robert\Downloads\Christtheway -EvangelismFundingRequest-Sept2016-1.pdf
2016-10-30 20:36 - 2016-10-30 20:36 - 00000000 ____D C:\Users\Blinky\AppData\Roaming\Canneverbe Limited
2016-10-30 20:08 - 2016-10-30 20:07 - 71166464 _____ C:\Users\Robert\Downloads\Lenovo Solution Center.msi
2016-10-30 20:08 - 2016-10-30 20:07 - 00028672 _____ C:\Users\Robert\Downloads\1033.MST
2016-10-30 20:03 - 2016-10-30 20:04 - 62336184 _____ (Lenovo) C:\Users\Robert\Downloads\lscsetup_x64_33003.exe
2016-10-30 19:48 - 2016-10-30 19:51 - 396767232 _____ C:\Users\Robert\Downloads\linux-bootable-cd-41308857.iso
2016-10-28 21:17 - 2016-10-28 21:17 - 00095758 _____ C:\Users\Robert\Downloads\87 Christ The Way SDA Church Bulletin - 29-Oct-2016.pdf
2016-10-26 22:03 - 2016-10-26 22:03 - 00123963 _____ C:\Users\Robert\Downloads\Blood pressure chart for adults.pdf
2016-10-26 20:49 - 2016-10-26 20:49 - 04079083 _____ C:\Users\Robert\Downloads\perfect_abs_for_every_athlete (1).pdf
2016-10-26 20:48 - 2016-10-26 20:48 - 04079083 _____ C:\Users\Robert\Downloads\perfect_abs_for_every_athlete.pdf
2016-10-25 18:56 - 2016-10-25 18:56 - 00095654 _____ C:\Users\Robert\Downloads\21 Christ The Way SDA Church Board Meeting Minutes - September 27%2c 2016.pdf
2016-10-20 21:29 - 2016-10-20 21:29 - 00108254 _____ C:\Users\Robert\Documents\how to be happy.pdf
2016-10-20 21:28 - 2016-10-20 21:28 - 00103659 _____ C:\Users\Robert\Downloads\articles.mercola.com-Ancient Wisdom Teachings for Greater Happiness.pdf
2016-10-15 21:17 - 2016-10-15 21:17 - 00438583 _____ C:\Users\Robert\Documents\crunchless core  Receipt.pdf
2016-10-15 19:54 - 2016-10-15 21:03 - 00000000 ____D C:\Users\Robert\Documents\shuttle MANUAL
2016-10-12 22:20 - 2016-10-12 22:20 - 00000000 ____D C:\Windows\PCHEALTH
2016-10-12 21:13 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 21:12 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 21:12 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 21:12 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 21:12 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 21:12 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 21:12 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 21:12 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 21:12 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 21:12 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 21:12 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 21:12 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 21:12 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 21:12 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 21:12 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 21:12 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 21:12 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 21:12 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 21:12 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 21:12 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 21:12 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 21:12 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 21:12 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 21:12 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 21:12 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 21:12 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 21:12 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 21:12 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 21:12 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 21:12 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 21:12 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 21:12 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 21:12 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 21:12 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 21:12 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 21:12 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 21:12 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 21:12 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 21:12 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 21:12 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 21:12 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 21:12 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 21:12 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 21:12 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 21:12 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 21:12 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 21:12 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 21:12 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 21:12 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 21:12 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 21:12 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 21:12 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 21:12 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 21:12 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 21:12 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 21:12 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 21:12 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 21:12 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 21:12 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 21:12 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 21:12 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 21:12 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 21:12 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 21:12 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 21:12 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 21:12 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 21:12 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 21:12 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 21:12 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 21:12 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 21:12 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 21:12 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 21:12 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 21:12 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 21:12 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 21:12 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 21:12 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 21:12 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 21:12 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 21:12 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 21:12 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 21:12 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 21:12 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 21:12 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 21:12 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 21:12 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 21:12 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 21:12 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 21:12 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 21:12 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 21:12 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 21:12 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 21:12 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 21:12 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 21:12 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 21:12 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 21:12 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 21:12 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 21:12 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 21:12 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 21:12 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 21:12 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 21:12 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 21:12 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 21:12 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 21:12 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 21:12 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 21:12 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 21:12 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 21:12 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 21:12 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 21:12 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 21:12 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 21:12 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 21:12 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 21:12 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 21:12 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 21:12 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 21:12 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 21:12 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 21:12 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-12 21:12 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-12 21:12 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-12 21:12 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-12 21:12 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-12 21:12 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 21:12 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 21:12 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-12 21:12 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-12 21:12 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-12 21:12 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-12 21:12 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-12 21:12 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 21:12 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 21:12 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-12 21:12 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-12 21:12 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-12 21:12 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 21:12 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 21:12 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 21:12 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 21:12 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-12 21:12 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-12 21:12 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 21:12 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 21:12 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 21:12 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-12 21:12 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-12 21:12 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 21:12 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 21:11 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 21:11 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 21:11 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 21:11 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-12 21:11 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-12 21:11 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-12 21:11 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-12 21:11 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-12 21:11 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-12 21:11 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-12 21:11 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-12 21:11 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-12 21:11 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-12 21:11 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 21:11 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 23:10 - 2016-07-17 09:36 - 00000000 ____D C:\FRST
2016-11-10 23:09 - 2016-06-19 08:44 - 00003962 __RSH C:\Users\Blinky\ntuser.pol
2016-11-10 23:09 - 2016-06-19 08:44 - 00000000 ____D C:\Users\Blinky
2016-11-10 23:08 - 2016-05-23 13:21 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-10 23:07 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-10 23:02 - 2016-01-20 13:09 - 00000000 ____D C:\Users\Robert
2016-11-10 23:02 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-10 23:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-10 22:51 - 2009-07-13 22:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-10 22:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-10 22:43 - 2009-07-13 21:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-10 22:43 - 2009-07-13 21:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 22:31 - 2016-01-20 13:14 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 22:27 - 2016-01-20 13:14 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 19:25 - 2016-03-18 22:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-09 18:49 - 2012-03-08 11:25 - 00000000 ____D C:\Users\Robert\Documents\personal Stuff
2016-11-07 01:13 - 2016-03-18 23:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-07 00:26 - 2016-02-07 15:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-07 00:25 - 2016-02-07 15:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-06 23:54 - 2016-03-18 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-06 23:42 - 2014-03-23 12:09 - 00000000 ____D C:\Users\Robert\Documents\tech software
2016-11-06 22:35 - 2016-06-19 08:45 - 00000000 ____D C:\Users\Blinky\AppData\Local\Google
2016-11-06 22:01 - 2016-06-18 21:48 - 00000000 ____D C:\AdwCleaner
2016-11-06 14:09 - 2016-05-19 18:37 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2016-11-06 12:45 - 2016-02-14 08:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-06 12:44 - 2016-01-23 22:20 - 00000000 ____D C:\EEK
2016-11-06 12:24 - 2016-01-20 14:32 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-06 12:24 - 2016-01-20 14:32 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-06 10:32 - 2016-06-19 08:45 - 00000000 ____D C:\Users\Blinky\AppData\Local\Adobe
2016-11-06 10:32 - 2016-02-14 08:04 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-06 10:32 - 2016-01-30 22:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-06 10:32 - 2016-01-30 22:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-06 10:32 - 2016-01-20 14:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-06 10:32 - 2016-01-20 14:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-04 18:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-11-03 21:47 - 2016-01-20 23:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 19:27 - 2016-01-21 06:44 - 00778064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-30 20:35 - 2016-06-19 08:45 - 00111224 _____ C:\Users\Blinky\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-30 20:34 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-27 21:32 - 2016-02-07 16:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-27 20:14 - 2016-01-20 14:31 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-10-27 18:22 - 2016-01-20 13:13 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-19 20:27 - 2016-01-20 14:30 - 00000000 ____D C:\Users\Robert\.oracle_jre_usage
2016-10-18 20:18 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-16 22:39 - 2012-03-08 11:20 - 00000000 ____D C:\Users\Robert\Documents\health
2016-10-15 21:00 - 2012-03-08 11:25 - 00000000 ____D C:\Users\Robert\Documents\Relationships
2016-10-15 20:53 - 2016-05-21 17:27 - 00000000 ____D C:\Users\Robert\Documents\Purchases
2016-10-13 18:18 - 2016-01-20 23:45 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 18:00 - 2009-07-13 21:45 - 00418336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 17:58 - 2016-02-04 05:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-13 17:58 - 2016-02-04 05:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-13 17:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-13 17:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-13 17:57 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-12 22:15 - 2016-01-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 22:14 - 2016-01-22 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 22:14 - 2016-01-22 19:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2016-07-01 21:19 - 2016-07-01 21:19 - 0000001 _____ () C:\Users\Blinky\AppData\Local\llftool.4.05.agreement
2016-06-08 12:41 - 2016-06-08 12:45 - 0000734 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Robert\cygwin1.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 18:25
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Blinky (10-11-2016 23:12:21)
Running from C:\Users\Blinky\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-20 20:08:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3625527535-722659519-321427626-500 - Administrator - Disabled)
Blinky (S-1-5-21-3625527535-722659519-321427626-1001 - Administrator - Enabled) => C:\Users\Blinky
Guest (S-1-5-21-3625527535-722659519-321427626-501 - Limited - Disabled)
Robert (S-1-5-21-3625527535-722659519-321427626-1000 - Limited - Enabled) => C:\Users\Robert
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Laser MFP 1815 Software Uninstall (HKLM-x32\...\Dell Laser MFP 1815) (Version:  - DELL Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1CA2B84F-7959-4B75-BC4A-E262F91F1781} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7D04E9C1-F6D0-4F55-97FC-083F90C67E7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-06] (Adobe Systems Incorporated)
Task: {7F6233A1-7A03-4EAA-BCC1-A46FDEC5E16A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {80B4D5E1-F439-4E99-9050-8AAEB13DF55E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {BB68082F-3610-4EB9-844D-0E1EC71461F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {CD3ABCDE-C90A-46E0-84DD-5AD15BC80C88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
Task: {E942D4FB-88CE-48E5-BF8C-C829358C4C95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-21 01:11 - 2008-07-09 08:54 - 00253440 _____ () C:\Windows\system32\ssminidriver.dll
2016-02-07 16:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-07 16:00 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-07 16:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:9638A27E [123]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7916 more sites.
 
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123simsen.com -> www.123simsen.com
 
There are 7916 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3625527535-722659519-321427626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Blinky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellNSCST_GRNCH => "C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{DB903015-B40C-4E42-88B8-BF2592EBE56F}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [UDP Query User{AA2E373B-9E1A-428F-913B-6DDF25F9DEE4}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [{37CD75ED-1786-4245-A584-21D19F25A8D0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{256431EB-FFD0-4206-8C4D-4B17CA2FC49A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{80A431FC-28C7-4A67-A71B-AB85D1B62084}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{998E42B3-AD91-4944-99D6-79677E56934D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C166BD20-9DF5-489B-A5AD-174DD4C5A217}] => (Allow) C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5CB6904B-50C2-4EBB-B3EA-5013F4185743}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
03-11-2016 22:47:27 JRT Pre-Junkware Removal
03-11-2016 23:28:01 JRT Pre-Junkware Removal
06-11-2016 10:41:52 JRT Pre-Junkware Removal
06-11-2016 21:52:34 Windows Update
07-11-2016 00:55:07 Malwarebytes Anti-Rootkit Restore Point
07-11-2016 01:10:41 Checkpoint by HitmanPro
07-11-2016 01:12:25 Checkpoint by HitmanPro
09-11-2016 22:25:39 Windows Update
10-11-2016 22:51:21 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2016 10:51:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000190,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001C0EE40.72).  hr = 0x80070005, Access is denied.
.
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008b8,(null),0,REG_BINARY,00000000028BE1A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {f58477f4-3e37-441a-9d40-60831a326f35}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,0000000002CEE300.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93fb0c25-e6db-4af6-a816-87173f2857d9}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000cd8,(null),0,REG_BINARY,0000000007D5DFB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {0a8249d2-5707-403a-a3a8-bf4821c40cbb}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008b8,(null),0,REG_BINARY,00000000028BE1A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {f58477f4-3e37-441a-9d40-60831a326f35}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000000002DFEAF0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {4d1cb713-708d-43ce-9617-bbb1806d88c8}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,0000000002CEE300.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93fb0c25-e6db-4af6-a816-87173f2857d9}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000123F320.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {4c4c3bed-cabe-4bfa-952c-32e18252a535}
 
Error: (11/07/2016 01:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000002C8EDC0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5f87d353-e161-4f85-a6b3-04721d5234a1}
 
 
System errors:
=============
Error: (11/10/2016 11:09:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (11/10/2016 11:08:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (11/10/2016 11:08:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/10/2016 11:08:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (11/10/2016 11:02:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/10/2016 11:02:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/10/2016 11:02:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/10/2016 11:02:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/10/2016 11:02:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/10/2016 10:46:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.65.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 3965.18 MB
Available physical RAM: 2535.8 MB
Total Virtual: 7928.54 MB
Available Virtual: 6525.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:233.93 GB) (Free:105.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:231.83 GB) (Free:80.17 GB) NTFS
Drive h: (WDO_MEDIA64) (Removable) (Total:0.47 GB) (Free:0.17 GB) FAT32
Drive i: (BOOT_DISC) (Removable) (Total:1.86 GB) (Free:1.11 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7BF0A948)
Partition 1: (Active) - (Size=233.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 0098B5F8)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)
 
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 489 MB) (Disk ID: 01D1A2BB)
Partition 1: (Active) - (Size=489 MB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
I am not sure if the system is clean; I did re-enable MS Security Essentials. It does seem like it is running better. I did see it cleaned up some registry junk that stuck around after I uninstalled some apps. Oh, I will be going away for the weekend and will not have access to my home computer, so if I don't reply right away I am still interested in continuing with your assistance. So don't close the ticket.


#7 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:55 AM

Posted 11 November 2016 - 09:38 AM

Let me know what problem persists when you return.

#8 Webtracker

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 13 November 2016 - 06:33 PM

I am back, but I am not sure if my logs show that my system is clean. I am not able to download Windows Defender for Windows 7 as it keeps trying to download Security Essentials instead. I did run the offline version that requires the creation of bootable media; you boot up the computer with the bootable media, then run the scan that way. I did not find any infections. When I try to download the Windows version and try to run it, it will not install. So it looks like the offline version is not detecting this virus. But Security Essentials states it is still there, but it does not seem to be able to remove it. So I am not sure if the logs I submitted show that I am still infected.

#9 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:55 AM

Posted 14 November 2016 - 10:10 AM

I am not able to download windows defender for windows 7 as it keeps trying to download security essentials instead.

Accept it. Security Essentials has replaced Windows Defender in Windows 7.

SE is already installed so it should only update.

===

Run the application and let me know the exact error message that SE will create.


Run the Farbar tool one more time and post fresh FRST and Addition.txt files for my review.

#10 Webtracker

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Canada
  • Local time:10:55 PM

Posted 14 November 2016 - 11:53 PM

I was having problems with Chrome; the updates kept on crashing. So I uninstalled the application, then reinstalled it and then ran updates, and it seems to be working fine now. The computer seems to be functioning normally. The FRST files look cleaner after running the Temp File Cleaner (TFC).


Here are my results. 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Blinky (administrator) on OFFICE (14-11-2016 21:20:01)
Running from C:\Users\Blinky\Desktop
Loaded Profiles: Blinky (Available Profiles: Robert & Blinky)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [2016-06-19] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.184.17 64.59.191.229 64.59.191.229
Tcpip\..\Interfaces\{A5768643-7B94-4822-B286-032FE8645313}: [DhcpNameServer] 64.59.184.17 64.59.191.229 64.59.191.229
 
Internet Explorer:
==================
HKU\S-1-5-21-3625527535-722659519-321427626-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-3625527535-722659519-321427626-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3625527535-722659519-321427626-1001 -> DefaultScope {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3625527535-722659519-321427626-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-07] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [79192 2015-07-01] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-11-09] (Sunbelt Software)
S4 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-14 21:20 - 2016-11-14 21:20 - 00010568 _____ C:\Users\Blinky\Desktop\FRST.txt
2016-11-14 21:13 - 2016-11-14 21:13 - 00000000 ____D C:\Users\Blinky\Desktop\ccsetup523
2016-11-13 23:49 - 2016-10-12 11:51 - 02841880 _____ C:\Users\Blinky\Documents\download.zip
2016-11-13 23:44 - 2016-11-13 23:44 - 00000000 ____D C:\Users\Robert\Desktop\ccsetup523
2016-11-13 20:45 - 2016-11-13 20:45 - 00000000 ____D C:\ProgramData\Sophos
2016-11-13 20:44 - 2016-11-13 20:44 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-11-13 20:44 - 2016-11-13 20:44 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-11-13 20:42 - 2016-11-13 21:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-13 19:11 - 2016-11-13 19:11 - 09296344 _____ C:\Users\Blinky\Downloads\RevoUninstaller_Portable.zip
2016-11-13 18:30 - 2016-11-13 18:30 - 00000085 _____ C:\Windows\wininit.ini
2016-11-13 17:43 - 2016-11-13 17:43 - 00000000 _____ C:\autoexec.bat
2016-11-13 16:56 - 2016-11-13 16:56 - 00000112 ___RH C:\Users\Blinky\Desktop\Stinger.opt
2016-11-13 15:55 - 2016-11-13 15:55 - 00000000 ____D C:\Users\Blinky\AppData\Local\VirtualStore
2016-11-11 08:41 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-11 08:41 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-11 08:41 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-11 08:41 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-11 08:41 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-11 08:41 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-11 08:41 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-11 08:41 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-11 08:41 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-11 08:41 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-11 08:41 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-11 08:41 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-11 08:41 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-11 08:41 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-11 08:41 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-11 08:41 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-11 08:41 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-11 08:41 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-11 08:41 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-11 08:41 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-11 08:41 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-11 08:41 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-11 08:41 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-11 08:41 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-11 08:41 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-11 08:41 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-11 08:41 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-11 08:41 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-11 08:41 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-11 08:41 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-11 08:41 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-11 08:41 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-11 08:41 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-11 08:41 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-11 08:41 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-11 08:41 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-11 08:41 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-11 08:41 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-11 08:41 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-11 08:41 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-11 08:41 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-11 08:41 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-11 08:41 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-11 08:41 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-11 08:41 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-11 08:41 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-11 08:41 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-11 08:41 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-11 08:41 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-11 08:41 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-11 08:41 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-11 08:41 - 2016-10-10 08:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-11 08:41 - 2016-10-10 08:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-11 08:41 - 2016-10-10 08:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-11 08:41 - 2016-10-10 08:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-11 08:41 - 2016-10-10 08:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-11 08:41 - 2016-10-10 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-11 08:41 - 2016-10-10 08:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-11 08:41 - 2016-10-07 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-11 08:41 - 2016-10-07 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-11 08:41 - 2016-10-07 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-11 08:41 - 2016-10-07 08:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-11 08:41 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-11 08:41 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-11 08:41 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-11 08:41 - 2016-10-07 08:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-11 08:41 - 2016-10-07 08:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-11 08:41 - 2016-10-07 08:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-11 08:41 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-11 08:41 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-11 08:41 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-11 08:41 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-11 08:40 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-11 08:40 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-11 08:40 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-11 08:40 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-11 08:40 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-11 08:40 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-11 08:40 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-11 08:40 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-11 08:40 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-11 08:40 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-11 08:40 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-11 08:40 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-11 08:40 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-11 08:40 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-11 08:40 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-11 08:40 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-11 08:40 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-11 08:40 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-11 08:40 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-11 08:40 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-11 08:40 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-11 08:40 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-11 08:40 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-11 08:40 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-11 08:40 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-11 08:40 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-11 08:40 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-11 08:40 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-11 08:40 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-11 08:40 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-11 08:40 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-11 08:40 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-11 08:40 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-11 08:40 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-11 08:40 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-11 08:40 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-11 08:40 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-11 08:40 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-11 08:40 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-11 08:40 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-11 08:40 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-11 08:40 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-11 08:40 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-11 08:40 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-11 08:40 - 2016-10-10 08:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-11 08:40 - 2016-10-10 08:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-11 08:40 - 2016-10-10 08:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-11 08:40 - 2016-10-10 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-11 08:40 - 2016-10-10 08:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-11 08:40 - 2016-10-10 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-11 08:40 - 2016-10-10 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-11 08:40 - 2016-10-10 07:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-11 08:40 - 2016-10-10 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-11 08:40 - 2016-10-10 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-11 08:40 - 2016-10-10 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-11 08:40 - 2016-10-10 07:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-11 08:40 - 2016-10-10 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 08:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-11 08:40 - 2016-10-07 08:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-11 08:40 - 2016-10-07 08:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-11 08:40 - 2016-10-07 08:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-11 08:40 - 2016-10-07 08:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-11 08:40 - 2016-10-07 07:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-11 08:40 - 2016-10-07 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-11 08:40 - 2016-10-07 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-11 08:40 - 2016-10-07 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-11 08:40 - 2016-10-07 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-11 08:40 - 2016-10-07 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 08:40 - 2016-10-07 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-10 23:05 - 2016-11-10 22:50 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-10 22:50 - 2016-11-10 23:02 - 00000000 ____D C:\zoek_backup
2016-11-10 19:58 - 2016-11-10 19:58 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-11-07 01:12 - 2016-11-07 01:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-11-07 00:50 - 2016-11-07 00:50 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2016-11-07 00:50 - 2010-11-09 14:56 - 00049752 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys
2016-11-07 00:50 - 2010-11-09 14:56 - 00027472 _____ (Sunbelt Software) C:\Windows\system32\sbbd.exe
2016-11-07 00:43 - 2016-11-10 22:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-07 00:34 - 2016-11-07 00:34 - 00000000 ____D C:\Program Files\McAfee
2016-11-07 00:33 - 2016-11-13 16:56 - 00000000 ____D C:\Program Files (x86)\stinger
2016-11-06 16:33 - 2016-11-06 16:33 - 00000000 ____D C:\Users\Robert\AppData\Local\GlassWire
2016-11-06 12:01 - 2016-11-06 12:01 - 00000000 ____D C:\Users\Blinky\AppData\Local\GlassWire
2016-11-06 11:44 - 2016-11-06 11:44 - 00000000 ____D C:\ProgramData\GlassWire
2016-11-06 10:59 - 2016-11-14 21:19 - 02411520 _____ (Farbar) C:\Users\Blinky\Desktop\FRST64.exe
2016-11-03 23:03 - 2016-11-03 23:03 - 00000000 ____D C:\Users\Blinky\AppData\Local\Deployment
2016-11-03 23:03 - 2016-11-03 23:03 - 00000000 ____D C:\Users\Blinky\AppData\Local\Apps\2.0
2016-11-03 22:40 - 2016-06-18 22:15 - 00448512 _____ (OldTimer Tools) C:\Users\Blinky\Desktop\TFC.exe
2016-11-03 19:24 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-03 19:24 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-03 19:24 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-03 19:24 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-03 19:24 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-03 19:24 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-02 21:48 - 2016-11-02 21:48 - 08402902 _____ C:\Users\Robert\Documents\optiplex-9030-aio_owner's manual_en-us.pdf
2016-11-02 20:39 - 2016-11-02 20:39 - 00054548 _____ C:\Users\Robert\Documents\Slmgrvbs Options for Volume Activation.pdf
2016-11-02 20:37 - 2016-11-02 20:37 - 00404226 _____ C:\Users\Robert\Documents\Use Slmgr to Change Remove or Extend Your Windows License.pdf
2016-11-02 19:02 - 2016-11-02 19:02 - 00277360 _____ C:\Users\Robert\Documents\103116-80293-01.dmp
2016-11-02 18:47 - 2016-11-02 18:47 - 00031135 _____ C:\Users\Robert\Documents\EsponExample.pdf
2016-10-31 19:50 - 2016-10-31 19:50 - 00005099 _____ C:\Users\Robert\Documents\disjoin_rejoin_2_domain.txt
2016-10-31 18:48 - 2016-10-31 18:48 - 00066740 _____ C:\Users\Robert\Documents\Track Body Composition .pdf
2016-10-30 20:36 - 2016-10-30 20:36 - 00000000 ____D C:\Users\Blinky\AppData\Roaming\Canneverbe Limited
2016-10-30 19:48 - 2016-10-30 19:51 - 396767232 _____ C:\Users\Robert\Documents\linux-bootable-cd-41308857.iso
2016-10-26 22:03 - 2016-10-26 22:03 - 00123963 _____ C:\Users\Robert\Documents\Blood pressure chart for adults.pdf
2016-10-26 20:48 - 2016-10-26 20:48 - 04079083 _____ C:\Users\Robert\Documents\perfect_abs_for_every_athlete.pdf
2016-10-20 21:29 - 2016-10-20 21:29 - 00108254 _____ C:\Users\Robert\Documents\how to be happy.pdf
2016-10-20 21:28 - 2016-10-20 21:28 - 00103659 _____ C:\Users\Robert\Documents\Happiness.pdf
2016-10-15 21:17 - 2016-10-15 21:17 - 00438583 _____ C:\Users\Robert\Documents\crunchless core  Receipt.pdf
2016-10-15 19:54 - 2016-10-15 21:03 - 00000000 ____D C:\Users\Robert\Documents\shuttle MANUAL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-14 21:20 - 2016-07-17 09:36 - 00000000 ____D C:\FRST
2016-11-14 21:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-14 20:45 - 2009-07-13 21:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 20:45 - 2009-07-13 21:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 19:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-11-14 18:30 - 2009-07-13 22:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 18:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-13 23:40 - 2016-02-07 16:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-13 20:42 - 2016-02-07 15:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 20:42 - 2016-02-07 15:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 18:30 - 2016-03-18 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-13 17:30 - 2016-01-20 13:14 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-13 17:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-13 17:12 - 2016-01-23 22:20 - 00000000 ____D C:\EEK
2016-11-13 17:04 - 2014-03-23 12:09 - 00000000 ____D C:\Users\Robert\Documents\tech software
2016-11-13 16:35 - 2016-03-18 22:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-13 16:34 - 2012-03-08 11:25 - 00000000 ____D C:\Users\Robert\Documents\personal Stuff
2016-11-13 16:11 - 2016-01-20 23:45 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-13 15:58 - 2016-06-19 08:45 - 00000000 ____D C:\Users\Blinky\AppData\Local\Google
2016-11-13 15:57 - 2016-01-20 15:41 - 00002057 _____ C:\Windows\epplauncher.mif
2016-11-13 15:52 - 2009-07-13 21:45 - 00418336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-11 07:46 - 2016-06-17 17:15 - 00000610 __RSH C:\Users\Robert\ntuser.pol
2016-11-11 07:46 - 2016-01-20 13:09 - 00000000 ____D C:\Users\Robert
2016-11-10 23:09 - 2016-06-19 08:44 - 00003962 __RSH C:\Users\Blinky\ntuser.pol
2016-11-10 23:09 - 2016-06-19 08:44 - 00000000 ____D C:\Users\Blinky
2016-11-10 23:08 - 2016-05-23 13:21 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-10 23:02 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-10 23:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-09 22:31 - 2016-01-20 13:14 - 00000000 ____D C:\Windows\system32\MRT
2016-11-07 01:13 - 2016-03-18 23:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-06 14:09 - 2016-05-19 18:37 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2016-11-06 12:45 - 2016-02-14 08:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-06 12:24 - 2016-01-20 14:32 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-06 12:24 - 2016-01-20 14:32 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-06 10:32 - 2016-06-19 08:45 - 00000000 ____D C:\Users\Blinky\AppData\Local\Adobe
2016-11-06 10:32 - 2016-02-14 08:04 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-06 10:32 - 2016-01-30 22:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-06 10:32 - 2016-01-30 22:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-06 10:32 - 2016-01-20 14:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-06 10:32 - 2016-01-20 14:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 21:47 - 2016-01-20 23:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 19:27 - 2016-01-21 06:44 - 00778064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-30 20:35 - 2016-06-19 08:45 - 00111224 _____ C:\Users\Blinky\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-30 20:34 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-27 20:14 - 2016-01-20 14:31 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-10-27 18:22 - 2016-01-20 13:13 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-19 20:27 - 2016-01-20 14:30 - 00000000 ____D C:\Users\Robert\.oracle_jre_usage
2016-10-18 20:18 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-16 22:39 - 2012-03-08 11:20 - 00000000 ____D C:\Users\Robert\Documents\health
2016-10-15 21:00 - 2012-03-08 11:25 - 00000000 ____D C:\Users\Robert\Documents\Relationships
2016-10-15 20:53 - 2016-05-21 17:27 - 00000000 ____D C:\Users\Robert\Documents\Purchases
 
==================== Files in the root of some directories =======
 
2016-07-01 21:19 - 2016-07-01 21:19 - 0000001 _____ () C:\Users\Blinky\AppData\Local\llftool.4.05.agreement
2016-06-08 12:41 - 2016-06-08 12:45 - 0000734 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Robert\cygwin1.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 18:56
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Blinky (14-11-2016 21:20:29)
Running from C:\Users\Blinky\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-20 20:08:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3625527535-722659519-321427626-500 - Administrator - Disabled)
Blinky (S-1-5-21-3625527535-722659519-321427626-1001 - Administrator - Enabled) => C:\Users\Blinky
Guest (S-1-5-21-3625527535-722659519-321427626-501 - Limited - Disabled)
Robert (S-1-5-21-3625527535-722659519-321427626-1000 - Limited - Enabled) => C:\Users\Robert
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Laser MFP 1815 Software Uninstall (HKLM-x32\...\Dell Laser MFP 1815) (Version:  - DELL Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3625527535-722659519-321427626-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1CA2B84F-7959-4B75-BC4A-E262F91F1781} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3CC8FACC-2153-4231-A06C-1141D3A02F40} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {464C04F6-A3C2-4DCA-BFA3-40E031B2EDDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7D04E9C1-F6D0-4F55-97FC-083F90C67E7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-06] (Adobe Systems Incorporated)
Task: {CD3ABCDE-C90A-46E0-84DD-5AD15BC80C88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
Task: {E942D4FB-88CE-48E5-BF8C-C829358C4C95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:9638A27E [123]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7916 more sites.
 
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3625527535-722659519-321427626-1001\...\123simsen.com -> www.123simsen.com
 
There are 7916 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-11-13 17:43 - 2016-11-13 17:43 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3625527535-722659519-321427626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Blinky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.184.17 - 64.59.191.229
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellNSCST_GRNCH => "C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{DB903015-B40C-4E42-88B8-BF2592EBE56F}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [UDP Query User{AA2E373B-9E1A-428F-913B-6DDF25F9DEE4}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [{37CD75ED-1786-4245-A584-21D19F25A8D0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{256431EB-FFD0-4206-8C4D-4B17CA2FC49A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{80A431FC-28C7-4A67-A71B-AB85D1B62084}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{998E42B3-AD91-4944-99D6-79677E56934D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C166BD20-9DF5-489B-A5AD-174DD4C5A217}] => (Allow) C:\Users\Blinky\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5CB6904B-50C2-4EBB-B3EA-5013F4185743}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-11-2016 21:52:34 Windows Update
07-11-2016 00:55:07 Malwarebytes Anti-Rootkit Restore Point
07-11-2016 01:10:41 Checkpoint by HitmanPro
07-11-2016 01:12:25 Checkpoint by HitmanPro
09-11-2016 22:25:39 Windows Update
10-11-2016 22:51:21 zoek.exe restore point
11-11-2016 09:53:27 Windows Update
13-11-2016 16:52:58 JRT Pre-Junkware Removal
13-11-2016 19:08:00 Revo Uninstaller's restore point - SpyHunter 4
13-11-2016 20:43:18 Installed Sophos Virus Removal Tool.
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: 802.11n Wireless PCI Express Card LAN Adapter
Description: 802.11n Wireless PCI Express Card LAN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LITE-ON TECHNOLOGY CORPORATION
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 3965.18 MB
Available physical RAM: 2690.47 MB
Total Virtual: 7928.54 MB
Available Virtual: 6673.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:233.93 GB) (Free:105.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:231.83 GB) (Free:79.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7BF0A948)
Partition 1: (Active) - (Size=233.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 November 2016 - 10:30 AM

I suggest you run this fix.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
S4 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 Webtracker

Webtracker
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Canada

Posted 15 November 2016 - 11:52 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Blinky (15-11-2016 21:31:53) Run:2
Running from C:\Users\Blinky\Desktop
Loaded Profiles: Blinky (Available Profiles: Robert & Blinky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User:
Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
S4 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKU\S-1-5-21-3625527535-722659519-321427626-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found. 
"HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
"C:\Windows\system32\GroupPolicyUsers\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1001\User:" => not found.
Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3625527535-722659519-321427626-1000\User => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Blinky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
dgderdrv => service removed successfully
DgiVecp => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14277641 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10738 B
Edge => 0 B
Chrome => 9169432 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 4240 B
Robert => 1773699 B
Blinky => 5307701 B
 
RecycleBin => 0 B
EmptyTemp: => 29.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:32:17 ====
 
 
System seems to be working great now. Thanks for your help.
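
Added example, not from the thread and not part of the FRST tool: the fixlist in post #11 targets four kinds of leftover that FRST flags (per-user local Group Policy objects under System32\GroupPolicyUsers, Software Restriction Policy path rules in the user hives, shell icon overlay handlers whose CLSID has no server file, and services whose binary is gone), and the fixlog above shows one of them was not processed. In the saved fixlist the line for the -1001 GroupPolicyUsers entry had wrapped onto two lines, so FRST reported "=> not found." for the path and "Error: No automatic fix found for this entry." for the dangling word "Restriction"; only the -1000 folder was moved. The PowerShell below re-checks all four categories read-only so a partially applied fix is visible. It assumes the two user SIDs from the thread's log, that FRST's "Group Policy restriction on software" lines correspond to ItemData values under HKU\<SID>\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, and an elevated 64-bit PowerShell prompt; a user's hive is only present under HKEY_USERS while that user is logged on, so run it from each account you want checked.

```powershell
# Added example, not part of the original thread or of the FRST tool: a read-only
# re-check of the entry types the fixlist targeted. Run from an elevated 64-bit
# PowerShell prompt (Windows 7 / PowerShell 2.0 or later). Nothing is modified.

# ASSUMPTION: the two user SIDs that appear in the thread's FRST log.
$UserSids = @(
    'S-1-5-21-3625527535-722659519-321427626-1000',
    'S-1-5-21-3625527535-722659519-321427626-1001'
)
$Findings = @()

# Turn a raw service ImagePath (\??\C:\..., \SystemRoot\..., system32\..., a quoted
# path followed by arguments, %SystemRoot% variables) into an absolute file path.
function Resolve-ImagePath([string]$Raw) {
    $p = $Raw.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }        # strip quotes and arguments
    } else {
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }                # strip " -k netsvcs" style arguments
    }
    $p = $p -replace '^\\\?\?\\', ''                               # NT object-manager prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # e.g. system32\drivers\x.sys
    return $p
}

# 1. Per-user local Group Policy objects: FRST's "GroupPolicyUsers\<SID>\User: Restriction"
#    is %SystemRoot%\System32\GroupPolicyUsers\<SID>\User. The fixlog moved the -1000 folder
#    only, so this shows whether the -1001 one is still in place.
foreach ($sid in $UserSids) {
    $gp = Join-Path $env:SystemRoot "System32\GroupPolicyUsers\$sid\User"
    if (Test-Path -LiteralPath $gp) { $Findings += "Per-user local GPO still present: $gp" }
}

# 2. Software Restriction Policy (Safer) path rules in the user hives. ASSUMPTION: FRST's
#    "Group Policy restriction on software" lines are the ItemData values stored under
#    HKU\<SID>\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>.
#    A user's hive is only present under HKEY_USERS while that user is logged on.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
foreach ($sid in $UserSids) {
    $safer = "HKU:\$sid\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path -LiteralPath $safer)) { continue }
    foreach ($k in (Get-ChildItem -LiteralPath $safer -Recurse -ErrorAction SilentlyContinue)) {
        $v = Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue
        if ($v.ItemData) { $Findings += "SRP path rule in hive $sid : $($v.ItemData)" }
    }
}

# 3. Shell icon overlay handlers whose CLSID has no COM server file ("=> No File" in FRST).
$OverlayRoots = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers' = 'HKLM:\SOFTWARE\Classes\CLSID'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers' = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
}
foreach ($root in $OverlayRoots.Keys) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($h in (Get-ChildItem -LiteralPath $root)) {
        $clsid  = (Get-ItemProperty -LiteralPath $h.PSPath).'(default)'
        $server = Join-Path $OverlayRoots[$root] "$clsid\InprocServer32"
        $dll = $null
        if ($clsid -and (Test-Path -LiteralPath $server)) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)' -replace '"', ''
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
        }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            $Findings += "Overlay handler '$($h.PSChildName)' -> $clsid has no server file"
        }
    }
}

# 4. Services and drivers whose binary is missing (FRST's "[X]"), such as the dgderdrv
#    and DgiVecp driver entries the fix removed. Start=4 means disabled.
foreach ($svc in (Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services')) {
    $v = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
    if (-not $v.ImagePath) { continue }
    $file = Resolve-ImagePath $v.ImagePath
    if (-not (Test-Path -LiteralPath $file)) {
        $Findings += "Service $($svc.PSChildName) (Start=$($v.Start)) -> missing $file"
    }
}

if ($Findings.Count -eq 0) { 'No leftovers of the fixlist categories found.' }
else { $Findings | ForEach-Object { "[!] $_" } }
```

Save it under any name (for instance Check-FixlistLeftovers.ps1, a name chosen here) and run it with powershell -ExecutionPolicy Bypass -File Check-FixlistLeftovers.ps1 from an elevated prompt. An entry it lists is only a leftover, not proof of infection: a service whose driver file is gone cannot load, and an overlay handler with no server does nothing, but each is exactly the kind of line FRST keeps flagging until the registry is cleaned, and a "still present" GPO folder for -1001 means that fixlist line has to be re-run on one line.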


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 November 2016 - 10:21 AM

Glad we could help.



