
System Issues, DDS Log


  • This topic is locked
2 replies to this topic

#1 Halogen


Posted 15 December 2016 - 09:13 PM

Mod Edit:  Split from https://www.bleepingcomputer.com/forums/t/634214/cbs-log-errors-and-no-windows-updates, moved to MRL - Hamluis.
 
 
Same type of issue with Windows 7. Attached DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.111.2
Run by BOB at 19:24:10 on 2016-12-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8182.5136 [GMT -6:00]
.
AV: Trend Micro Antivirus+ *Enabled/Updated* {6458A697-CD62-2062-F924-44AA7F87C1E7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Antivirus+ *Enabled/Updated* {DF394773-EB58-2FEC-C394-7FD804008B5A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\SolarWinds\Orion\SQLExpress\MSSQL10_50.SOLARWINDS_ORION\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = localhost
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Trend Micro Network Filter Plugin: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
BHO: Trend Micro IE Protection: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [(default)] <no file>
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
Trusted Zone: www.google-analytics.com
Trusted Zone: www.google-analytics.com
DPF: {42B182F9-3F08-484E-9913-07193A5D36A9} - hxxp://192.168.5.80/web/WebClient.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: {788539E8-002D-4E59-9089-40B694A99C9A} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
TCP: Interfaces\{18043536-F3D0-41C7-B705-3AA9DA880D98} : NameServer = 192.168.1.5,192.168.5.1,8.8.8.8
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
x64-BHO: Trend Micro Network Filter Plugin: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL
x64-BHO: Trend Micro IE Protection: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Trusted Zone: www.google-analytics.com
x64-Trusted Zone: www.google-analytics.com
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab
x64-Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - <orphaned>
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
x64-Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\680c7ljf.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.roboform.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\BOB\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\BOB\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\BOB\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\npGatewayNpapi-x64.dll
FF - plugin: C:\Users\BOB\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\npGatewayNpapi.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\Plugins\npatgpc.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\BOB\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-3-3 137312]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2016-6-3 641672]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2016-6-3 28808]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-10 53488]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2016-11-20 72504]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2016-2-15 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2016-2-15 146528]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2015-3-29 26024]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-2-1 32912]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2013-2-27 55416]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2016-11-20 117984]
R1 tmumh;tmumh;C:\Windows\System32\drivers\TMUMH.sys [2016-11-20 111840]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2016-11-20 365576]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-7-29 2946304]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokanx.sys [2015-10-23 56504]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2013-4-29 1380592]
R2 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION);C:\Program Files (x86)\SolarWinds\Orion\SQLExpress\MSSQL10_50.SOLARWINDS_ORION\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\drivers\tmusa.sys [2016-11-20 132888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-6-3 104984]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-9-11 32464]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2015-9-24 509104]
R3 ETDSMBus;ETDSMBus;C:\Windows\System32\drivers\ETDSMBus.sys [2016-6-3 31832]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\Windows\System32\drivers\jmccgp.sys [2015-9-24 17136]
R3 pmxmouse;pmxmouse;C:\Windows\System32\drivers\pmxmouse.sys [2015-9-24 22016]
R3 pmxusblf;pmxusblf;C:\Windows\System32\drivers\pmxusblf.sys [2015-9-24 24384]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2015-9-23 114568]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2015-9-23 230280]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2016-11-20 143648]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2016-11-20 561952]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2013-5-19 20048]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 YOICS Sharing Service;YOICS Sharing Service; [x]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2016-2-15 367200]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
S3 ChangeTracker;ChangeTracker;C:\Windows\System32\drivers\ChangeTracker.sys [2016-8-17 27272]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2015-2-8 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2015-2-8 9096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-13 114688]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-25 27008]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-10-9 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-19 64896]
S3 mr8980;Digital Wireless Camera;C:\Windows\System32\drivers\dwcamx64.sys [2010-5-11 84992]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-27 19456]
S3 SliceDisk5;SliceDisk5;C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [2013-10-26 31824]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2015-9-23 45296]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-2-27 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-27 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-27 1255736]
S4 Advanced Monitoring Agent;Advanced Monitoring Agent;C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [2013-2-27 8790016]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2016-2-15 3459024]
S4 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 404360]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-9-25 239616]
S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2014-3-5 118056]
S4 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S4 Backup Service Controller;Backup Service Controller;C:\Program Files\Backup Manager\ProcessController.exe [2015-5-9 3461832]
S4 CGVPNCliService;CyberGhost 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2016-6-3 65128]
S4 Common Toolkit 2;Common Toolkit 2;C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [2014-8-13 344608]
S4 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-23 2572024]
S4 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-6-23 202488]
S4 DLSDB;Dell Printer Status Database;D:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2015-4-2 343400]
S4 DokanMounter;DokanMounter;C:\Program Files\VirtualDrive\dokanx_mount.exe [2015-10-23 155832]
S4 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
S4 EvLog30Service;EvLog 3.0 Service;C:\Program Files (x86)\EvLog 3.0\EvLog3Service.exe [2015-12-1 25456]
S4 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2014-10-20 697472]
S4 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-4-8 708616]
S4 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\PROGRA~2\ADVANC~1\patchman\lnssatt.exe [2015-1-30 167024]
S4 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-21 135496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-19 1514464]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-19 1136608]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2014-8-7 44896]
S4 ntopng;ntopng;C:\Program Files\ntopng\ntopng.exe [2016-5-2 3079168]
S4 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2009-2-25 167936]
S4 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139400]
S4 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2013-7-6 215040]
S4 Platinum Host Service;Platinum Host Service;C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [2016-11-20 1145856]
S4 PwmSvc;Trend Micro Password Manager Central Control Service;C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2016-11-20 2458112]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-12-6 1248256]
S4 QuickBooksDB25;QuickBooksDB25;C:\PROGRA~2\Intuit\QUCB5A~1\QBDBMgrN.exe -hvQuickBooksDB25 --> C:\PROGRA~2\Intuit\QUCB5A~1\QBDBMgrN.exe -hvQuickBooksDB25 [?]
S4 redis;Redis Server;C:\Program Files\Redis\redis-service.exe [2016-5-2 73728]
S4 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2016-7-22 623848]
S4 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-8 15552]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S4 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2014-4-29 216608]
S4 SQLAgent$SOLARWINDS_ORION;SQL Server Agent (SOLARWINDS_ORION);C:\Program Files (x86)\SolarWinds\Orion\SQLExpress\MSSQL10_50.SOLARWINDS_ORION\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-11-7 754784]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S4 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2015-11-13 1282592]
S4 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-9-9 31704]
S4 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-6-28 5915352]
S4 TeamViewer;TeamViewer 11;C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe [2016-4-18 6942480]
S4 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
S4 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-12-05 20:20:08 -------- d-----w- C:\Users\BOB\AppData\Local\Take Control Viewer
2016-12-05 15:02:11 872408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-12-05 15:02:11 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-12-05 15:02:11 231880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-11-30 04:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-23 21:52:34 -------- d-----w- C:\Program Files\Microsoft Office 15
2016-11-20 23:51:46 -------- d--h--w- C:\TMRescueDisk
2016-11-20 23:46:47 561952 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2016-11-20 23:46:47 143648 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2016-11-20 23:46:45 435416 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2016-11-20 23:46:45 142552 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2016-11-20 23:46:45 117984 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2016-11-20 23:46:45 111840 ----a-w- C:\Windows\System32\drivers\TMUMH.sys
2016-11-20 23:46:45 -------- d-----w- C:\Windows\SysWow64\tmumh
2016-11-20 23:46:45 -------- d-----w- C:\Windows\System32\tmumh
2016-11-20 23:46:44 72504 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2016-11-20 23:46:44 132888 ----a-w- C:\Windows\System32\drivers\tmusa.sys
2016-11-20 23:46:22 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2016-11-20 23:31:06 -------- d-----w- C:\ProgramData\Trend Micro Installer
2016-11-20 19:42:54 -------- d-----w- C:\Users\BOB\AppData\Roaming\Trend Micro
2016-11-20 19:42:53 -------- d-----w- C:\Users\BOB\AppData\Local\DP_Tower_3.7
2016-11-20 19:42:16 -------- d-----w- C:\ProgramData\TMDP_Setup
2016-11-20 19:42:16 -------- d-----w- C:\ProgramData\TMDP_Log
2016-11-20 19:42:12 -------- d-----w- C:\ProgramData\Trend Micro
2016-11-20 19:42:12 -------- d-----w- C:\Program Files\Trend Micro
2016-11-20 19:36:40 -------- d-----w- C:\Users\BOB\AppData\Local\Trend Micro
.
==================== Find3M ====================
.
2016-12-13 22:37:24 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-12-13 22:37:24 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-21 18:16:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-27 15:33:31 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-10-27 15:20:17 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-10-24 23:34:25 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-10-11 15:40:56 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-10-11 15:37:24 706792 ----a-w- C:\Windows\System32\winload.efi
2016-10-11 15:37:24 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-10-11 15:34:46 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-10-11 15:32:08 362496 ----a-w- C:\Windows\System32\wow64win.dll
.
============= FINISH: 19:24:55.82 ===============

Edited by Al1000, 16 December 2016 - 07:25 AM.
fix link




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,180 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:31 AM

Posted 16 December 2016 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,180 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:31 AM

Posted 22 December 2016 - 09:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



