Need help cleaning up computer


  • This topic is locked
15 replies to this topic

#1 tronk

tronk

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 08 January 2017 - 09:13 PM

I have a Dell E5500 laptop running Windows 10 OEM, which is infected with at least one known malware (Kairos.exe) that I haven't been able to completely remove, and I suspect there are several other things going on as my computer has been running slowly for a few days now.  Any help would be appreciated.  I'm attaching my FRST.txt file in case that helps.

Attached Files

  • Attached File  FRST.txt   111.53KB   5 downloads



#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 09 January 2017 - 07:01 AM

:welcome: to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the "all clean" post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file and click OK at the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

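The MBAR log requested in step 2 reports each hit as a line of the form `Infected: <file or registry object> --> [<detection name>]`, with registry values written as `KEY|VALUENAME`. When the user declines cleanup and runs the tool again, the second log repeats the same items, so reading two such logs by hand means mentally deduplicating them and working out which of the hits are persistence mechanisms (a scheduled task, its TaskCache copies, a Run key) versus the dropped binary itself. The following is an added example, not code from this thread or from Malwarebytes: a small parser that extracts the detection lines, classifies each object by persistence location, drops repeats across scans, and tallies detections. The sample input is constructed from the detection lines posted later in this thread; the function names and the classification labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample input (built for this example from the thread's two MBAR scans,
# run back to back because the first run's cleanup was declined). Non-detection lines
# are included to show that they are ignored.
SAMPLE_LOG = r"""
Scan started
File "C:\Users\trent\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: C:\Windows\blemished.exe --> [Adware.DotDo]
Infected: C:\Windows\System32\Tasks\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B}|Path --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B} --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Publisher --> [Trojan.Agent.Generic]
Scan finished
User declined to cleanup malware.
=======================================
Scan started
Infected: C:\Windows\blemished.exe --> [Adware.DotDo]
Infected: C:\Windows\System32\Tasks\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B}|Path --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B} --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Publisher --> [Trojan.Agent.Generic]
Scan finished
"""

# One detection line: "Infected: <file path or registry key[|value]> --> [<detection name>]"
DETECTION_RE = re.compile(r"^Infected:\s+(?P<object>.+?)\s+-->\s+\[(?P<detection>[^\]]+)\]\s*$")
REGISTRY_HIVES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\", "HKCC\\")
TASKCACHE_RE = re.compile(r"\\SCHEDULE\\TASKCACHE\\", re.IGNORECASE)
RUNKEY_RE = re.compile(r"\\CURRENTVERSION\\RUN(?:ONCE)?(?:\||$)", re.IGNORECASE)
TASK_DIR_RE = re.compile(r"\\System32\\Tasks\\", re.IGNORECASE)


def classify(obj):
    """Map a flagged object to the persistence location it represents (labels are this example's own)."""
    if obj.upper().startswith(REGISTRY_HIVES):
        if TASKCACHE_RE.search(obj):
            return "registry:taskcache"      # Task Scheduler's cached copy of a task definition
        if RUNKEY_RE.search(obj):
            return "registry:run"            # classic Run/RunOnce autostart value
        return "registry:other"
    if TASK_DIR_RE.search(obj):
        return "file:scheduled-task"         # the task's XML definition on disk
    return "file"


def parse_findings(text):
    """Return one dict per 'Infected:' line, in log order; every other line is ignored."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        obj = m.group("object")
        key, _, value = obj.partition("|")   # registry values are written as KEY|VALUENAME
        findings.append({"object": obj, "key": key, "value": value or None,
                         "detection": m.group("detection"), "kind": classify(obj)})
    return findings


def dedupe(findings):
    """Drop repeats of the same (object, detection) pair, keeping first-seen order."""
    seen = {}
    for f in findings:
        seen.setdefault((f["object"], f["detection"]), f)
    return list(seen.values())


def by_kind(findings):
    """Group findings by persistence location, so each class can be verified by hand."""
    groups = {}
    for f in findings:
        groups.setdefault(f["kind"], []).append(f["object"])
    return groups


def detection_counts(findings):
    """How many distinct objects each detection name covers."""
    return Counter(f["detection"] for f in findings)


def cleanup_declined(text):
    """True when the log records that items were left in place, so a rescan will repeat them."""
    return "User declined to cleanup malware." in text


if __name__ == "__main__":
    unique = dedupe(parse_findings(SAMPLE_LOG))
    print("cleanup declined:", cleanup_declined(SAMPLE_LOG))
    for kind, objs in by_kind(unique).items():
        print(kind, objs)
    print(dict(detection_counts(unique)))
```

On the sample above the twelve detection lines collapse to six unique objects: the dropped executable, the scheduled task's on-disk definition, three TaskCache registry entries for that same task, and one Run value. Seeing the task name (`Sak55338176k55338176`) appear both under `System32\Tasks` and under `TASKCACHE\TREE` is the cue that the task, not just the file, has to go, which is why the helper asks for the log rather than letting the user press Clean up blindly.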

#3 tronk

tronk
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 10 January 2017 - 02:32 AM

Hi Jo,
 

Thank you for responding to my post and offering to help me with my computer.  I did run a different anti-malware program (wise uninstaller) last night, and it seems to have helped, but there are still some traces on my system.

 

-Trent

 

Security Check Log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Sophos Home        
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 21.0.0.197  
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_filter.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
Malwarebytes Anti-Rootkit log:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.576.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4247953408, free: 1213845504
 
Downloaded database version: v2017.01.10.01
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.12.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/09/2017 19:24:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\savonaccess.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\swi_callout.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\b57nd60a.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\rimmpx64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\drivers\NETwNs64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.01.10.01
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9f019fb72060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f019fb72ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f019fb72060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f019f7a9060, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9F9E7D39
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 975762107
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975765504  Numsec = 1001472
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9f01a15e1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f01a15de590, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f01a15e1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f01a15de060, DeviceName: \Device\0000003d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 95  Numsec = 245921
    Partition is not bootable
    Partition file system is FAT
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 125960192 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffff9f01a15d9690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f01a15d8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f01a15d9690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f01a15deb10, DeviceName: \Device\0000003e\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Users\trent\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\Windows\blemished.exe --> [Adware.DotDo]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt" is compressed (flags = 1)
Infected: C:\Windows\System32\Tasks\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B}|Path --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B} --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Publisher --> [Trojan.Agent.Generic]
Scan finished
User declined to cleanup malware.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-975765504-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-95-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.576.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4247953408, free: 1726590976
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/09/2017 21:07:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\savonaccess.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\swi_callout.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\b57nd60a.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\rimmpx64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\drivers\NETwNs64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.01.10.01
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9f019fb72060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f019fb72ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f019fb72060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f019f7a9060, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9F9E7D39
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 975762107
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975765504  Numsec = 1001472
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9f01a15e1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f01a15de590, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f01a15e1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f01a15de060, DeviceName: \Device\0000003d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 95  Numsec = 245921
    Partition is not bootable
    Partition file system is FAT
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 125960192 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffff9f01a15d9690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f01a15d8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f01a15d9690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f01a15deb10, DeviceName: \Device\0000003e\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Users\trent\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\Windows\blemished.exe --> [Adware.DotDo]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0971383532108B687C8DAA8E12782C8DB7BECEF1.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt" is compressed (flags = 1)
Infected: C:\Windows\System32\Tasks\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B}|Path --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B9B58A0C-D0F1-4F88-87DB-A38B5B1FDE6B} --> [Adware.DotDo.PrxySvrRST]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sak55338176k55338176 --> [Adware.DotDo.PrxySvrRST]
Infected: HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Publisher --> [Trojan.Agent.Generic]
Scan finished
 
 
Adware Cleaner log:
 
# AdwCleaner v6.042 - Logfile created 09/01/2017 at 23:26:38
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-09.3 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : trent - LAPTRESS
# Running from : C:\Users\trent\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1295 Bytes] - [28/09/2016 14:25:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [1333 Bytes] - [28/09/2016 17:42:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [5893 Bytes] - [15/11/2016 12:18:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [5549 Bytes] - [07/01/2017 12:56:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [1350 Bytes] - [28/09/2016 14:20:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [1432 Bytes] - [28/09/2016 17:41:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [5187 Bytes] - [15/11/2016 11:59:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [5171 Bytes] - [07/01/2017 12:55:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [1569 Bytes] - [09/01/2017 23:26:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1642 Bytes] ##########
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 10 January 2017 - 03:53 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step3: How is the computer running now?


***


:step4: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 tronk

tronk
  • Topic Starter

  • Members
  • 31 posts
  • Local time:03:27 AM

Posted 10 January 2017 - 10:19 AM

JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by trent (Administrator) on Tue 01/10/2017 at  7:00:39.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/10/2017 at  7:05:03.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
My computer is now running very smoothly.  Using Task Manager, the CPU speed is running between 90% and just 104% of "Maximum Speed".  Thank you!  No other problems seem to be present.

FRST.txt log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by trent (administrator) on LAPTRESS (10-01-2017 07:11:43)
Running from C:\Users\trent\Desktop
Loaded Profiles: trent (Available Profiles: trent)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [aconite] => "C:\Program Files (x86)\Clematis\kairos.exe"
HKLM-x32\...\Run: [aconiteaconite] => "C:\Program Files (x86)\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [uTorrent] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-23] (BitTorrent Inc.)
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1690248 2016-12-01] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [Chromium] => c:\users\trent\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [viviana] => "C:\Program Files (x86)\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [vivianaviviana] => "C:\Program Files (x86)\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedman] => "C:\Program Files (x86)\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedmanfreedman] => "C:\Program Files (x86)\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [drinks] => "C:\Program Files (x86)\creativeness\drinks.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [gobierno] => "C:\Program Files (x86)\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\MountPoints2: {708c9e20-8524-11e6-9de6-a4badb94db5a} - "G:\setup.exe" 
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2016-10-26]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe ( )
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0e7a32c0-2bf3-4898-92d5-4a86e628738e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4e4d73ec-ed39-4d29-88a3-7364b32b93bb}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{81d07a69-f83d-4cb3-a988-375ad4194730}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1678287169-1903332064-1416524258-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-11-13] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-11-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Docs) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Drive) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Adblock Plus) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (STRATEGO - Official) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ckpgdjbodiacocpojlgipgkphcihfbdo [2016-11-14]
CHR Extension: (FullTab) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dcgefogogljdgjcegkpkdjocajhlpdko [2017-01-02]
CHR Extension: (Ultimate Game Collection) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dkenanfbbddepieknfjcgmclhiakhdmm [2016-10-26]
CHR Extension: (Word Search) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2016-11-14]
CHR Extension: (Google Sheets) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Kickoff) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\heelhmibbjlnankkkmcdgbmcepajmddl [2016-11-14]
CHR Extension: (Search) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\hhlambmdchnamjafiahpoonaaoicoocn [2017-01-02]
CHR Extension: (FlipWord) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\hkdepghnddjlcegjaklbkllnebeilmlj [2016-12-31]
CHR Extension: (2048 in Popup) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ijkmjnaahlnmdjjlbhbjbhlnmadmmlgg [2016-10-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-23]
CHR Extension: (Popup Blocker Pro) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-10-26]
CHR Extension: (Bubble Shooter Balloons) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kpbhbohcdnlcediiopngchhnnofnhaec [2016-11-14]
CHR Extension: (Poppit!) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-11-14]
CHR Extension: (MONOPOLY: The World Edition) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nkedhiolniniodbokjinplhaleemnfbe [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Hover Zoom+) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-12-29]
CHR Extension: (Gmail) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
CHR Profile: C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Slides) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Google Sheets) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-04]
CHR Extension: (Hover Zoom+) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-01-04]
CHR Extension: (Gmail) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-01] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-01] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3837224 2016-01-21] (INCA Internet Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-19] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-21] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-01] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 MRV6X64U; C:\WINDOWS\System32\drivers\MRVW24C.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-23] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [532720 2013-06-04] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 06:24 - 2017-01-10 06:24 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-01-10 06:16 - 2017-01-10 07:12 - 00018611 _____ C:\Users\trent\Desktop\FRST.txt
2017-01-10 05:27 - 2017-01-10 07:05 - 00000554 _____ C:\Users\trent\Desktop\JRT.txt
2017-01-09 23:14 - 2017-01-09 23:15 - 03988944 _____ C:\Users\trent\Downloads\AdwCleaner.exe
2017-01-09 19:24 - 2017-01-10 05:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-09 19:22 - 2017-01-10 04:47 - 00000000 ____D C:\Users\trent\Desktop\mbar
2017-01-09 19:21 - 2017-01-09 19:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\trent\Downloads\mbar-1.09.3.1001.exe
2017-01-09 19:09 - 2017-01-09 19:09 - 00852798 _____ C:\Users\trent\Downloads\SecurityCheck.exe
2017-01-09 03:04 - 2017-01-09 03:16 - 00000000 ____D C:\Users\trent\Desktop\stick
2017-01-09 03:04 - 2017-01-09 03:04 - 00174534 _____ C:\Users\trent\Downloads\stick.zip
2017-01-09 03:00 - 2017-01-09 03:01 - 00000000 ____D C:\Users\trent\Desktop\ACID
2017-01-09 03:00 - 2017-01-09 03:00 - 00121012 _____ C:\Users\trent\Downloads\acid.zip
2017-01-08 20:34 - 2017-01-08 20:34 - 00000000 ____D C:\Users\trent\Desktop\FRST-OlderVersion
2017-01-08 16:26 - 2017-01-08 16:26 - 00001173 _____ C:\Users\Public\Desktop\Wise Uninstaller.lnk
2017-01-08 16:26 - 2017-01-08 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseUninstaller
2017-01-08 16:26 - 2017-01-08 16:26 - 00000000 ____D C:\Program Files (x86)\WiseUninstaller
2017-01-08 16:25 - 2017-01-08 16:25 - 01988148 _____ (wiseuninstaller.com ) C:\Users\trent\Downloads\WiseUninstaller_Setup.exe
2017-01-08 08:37 - 2017-01-08 08:37 - 00001148 _____ C:\Users\trent\Desktop\update.exe - Shortcut.lnk
2017-01-08 07:21 - 2017-01-08 07:21 - 00000000 ____D C:\Users\trent\Documents\Rainmeter
2017-01-08 07:21 - 2017-01-08 07:21 - 00000000 ____D C:\Users\trent\AppData\Roaming\Rainmeter
2017-01-08 07:10 - 2017-01-08 07:20 - 02390672 _____ C:\Users\trent\Downloads\Rainmeter-3.3.2.exe
2017-01-08 06:57 - 2017-01-08 06:57 - 00000000 ____D C:\Users\trent\AppData\Local\Sophos
2017-01-08 06:24 - 2017-01-10 06:29 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-08 06:23 - 2017-01-10 06:29 - 00000000 ____D C:\ProgramData\Sophos
2017-01-08 06:07 - 2017-01-08 06:19 - 225196632 _____ (Sophos Limited) C:\Users\trent\Downloads\SophosInstall.exe
2017-01-07 18:01 - 2017-01-07 23:29 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-01-07 13:20 - 2017-01-10 07:11 - 00000000 ____D C:\FRST
2017-01-07 12:50 - 2017-01-08 20:34 - 02419200 _____ (Farbar) C:\Users\trent\Desktop\FRST64.exe
2017-01-07 12:49 - 2017-01-07 12:50 - 03988944 _____ C:\Users\trent\Desktop\adwcleaner_6.042.exe
2017-01-07 08:50 - 2017-01-08 20:10 - 00000000 ____D C:\Users\trent\Desktop\Pangya Celebrity
2017-01-07 07:38 - 2017-01-07 08:29 - 2007717979 _____ C:\Users\trent\Downloads\Pangya Celebrity December 2016 (1).zip
2017-01-06 23:58 - 2016-01-21 03:16 - 03837224 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2017-01-06 20:50 - 2017-01-06 20:50 - 07469722 _____ C:\Users\trent\Downloads\kaplan-anatomy-coloring-book.pdf
2017-01-03 10:48 - 2017-01-03 10:49 - 00000000 ____D C:\Users\trent\Downloads\backups
2017-01-03 10:37 - 2017-01-03 10:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\trent\Downloads\HijackThis.exe
2017-01-03 10:06 - 2017-01-03 10:13 - 00001774 _____ C:\Users\trent\Desktop\Rkill.txt
2017-01-03 10:01 - 2017-01-03 10:01 - 01663040 _____ (Malwarebytes) C:\Users\trent\Downloads\JRT.exe
2017-01-03 09:59 - 2017-01-03 10:03 - 11581544 _____ (SurfRight B.V.) C:\Users\trent\Downloads\HitmanPro_x64.exe
2017-01-03 01:26 - 2017-01-03 01:36 - 00001034 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2017-01-03 01:26 - 2017-01-03 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-01-03 01:22 - 2017-01-08 18:19 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-01-03 01:17 - 2017-01-08 18:48 - 00000000 ____D C:\Users\trent\AppData\Local\Battle.net
2017-01-03 01:17 - 2017-01-03 01:17 - 00000000 ____D C:\Users\trent\AppData\Local\Blizzard Entertainment
2017-01-03 01:17 - 2017-01-03 01:17 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-01-03 01:16 - 2017-01-03 01:16 - 00000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2017-01-03 01:16 - 2017-01-03 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-01-03 01:15 - 2017-01-08 18:17 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-03 01:07 - 2017-01-03 01:21 - 00000000 ____D C:\Users\trent\AppData\Roaming\Battle.net
2017-01-03 01:06 - 2017-01-03 01:07 - 00000000 ____D C:\ProgramData\Battle.net
2017-01-03 01:06 - 2017-01-03 01:06 - 03170288 _____ (Blizzard Entertainment) C:\Users\trent\Downloads\World-of-Warcraft-Setup.exe
2017-01-03 00:27 - 2009-09-01 17:14 - 00000000 ____D C:\Users\trent\Downloads\World of Warcraft 1.12
2017-01-02 23:53 - 2017-01-02 23:54 - 00000000 ____D C:\Users\trent\Downloads\The Departed (2006)
2017-01-02 23:47 - 2017-01-02 23:58 - 00000000 ____D C:\Program Files (x86)\Final Fantasy X X-2 HD Remaster
2017-01-02 20:41 - 2017-01-02 20:41 - 00003234 _____ C:\WINDOWS\System32\Tasks\{F187F75C-2D3F-439D-833C-73D3A36A380B}
2017-01-02 17:29 - 2017-01-02 17:29 - 00000000 ____D C:\WINDOWS\system32\auro
2017-01-02 11:40 - 2017-01-03 09:53 - 00002345 _____ C:\Users\trent\Desktop\Google Chrome.lnk
2017-01-02 11:31 - 2017-01-02 17:30 - 00000000 ____D C:\Users\trent\AppData\Roaming\Xeeedxi
2017-01-02 11:31 - 2017-01-02 11:31 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-02 11:31 - 2017-01-02 11:31 - 00000000 ____D C:\Users\trent\AppData\Local\Tempfolder
2017-01-02 11:26 - 2017-01-02 11:26 - 00000000 _____ C:\TOSTACK
2017-01-02 11:17 - 2017-01-02 11:17 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-02 11:17 - 2017-01-02 11:17 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-02 11:08 - 2017-01-08 08:33 - 00000770 __RSH C:\Users\trent\ntuser.pol
2017-01-02 00:19 - 2017-01-02 00:19 - 00000000 ____D C:\Users\trent\Documents\Square Enix
2017-01-01 23:38 - 2017-01-01 23:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-01-01 23:25 - 2009-09-01 17:14 - 00000000 ____D C:\Users\trent\Desktop\World of Warcraft 1.12
2017-01-01 22:51 - 2017-01-02 00:36 - 00000000 ____D C:\Program Files (x86)\Final Fantasy VII
2017-01-01 22:51 - 2017-01-01 23:04 - 00001172 _____ C:\Users\Public\Desktop\Final Fantasy VII.lnk
2017-01-01 22:51 - 2017-01-01 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2017-01-01 22:26 - 2017-01-02 05:46 - 1154835871 _____ C:\Users\trent\Downloads\World of Warcraft 1.12 Client.rar
2017-01-01 22:25 - 2017-01-01 22:25 - 00000000 ____D C:\Users\trent\Downloads\Final.Fantasy.X.X-2.HD.Remaster-CODEX
2017-01-01 22:23 - 2017-01-01 22:50 - 1508829184 _____ C:\Users\trent\Downloads\ff7_remake.iso
2017-01-01 16:46 - 2017-01-01 23:40 - 00000000 ____D C:\Users\trent\Downloads\Finding Dory 2016 1080p BluRay x264 DTS-JYK
2017-01-01 03:34 - 2017-01-08 09:07 - 00000000 ____D C:\Games
2016-12-31 19:48 - 2016-12-31 19:48 - 00000162 ____H C:\Users\trent\Desktop\~$verletter template.docx
2016-12-31 19:00 - 2016-12-31 19:15 - 00030020 _____ C:\Users\trent\Desktop\coverletter template.docx
2016-12-31 13:58 - 2016-12-31 22:41 - 00000000 ____D C:\Users\trent\Downloads\[R.G. Mechanics] DOOM 3 BFG Edition
2016-12-30 23:00 - 2016-12-30 23:00 - 02172434 _____ C:\Users\trent\Desktop\Cooking By The Book.flac
2016-12-30 22:38 - 2016-12-30 22:39 - 02834639 _____ C:\Users\trent\Downloads\Cooking By The Book.flac
2016-12-30 22:34 - 2016-12-30 22:34 - 02834652 _____ C:\Users\trent\Downloads\LazyTownCooking By The BookMusic VideoKids Karaoke.flac
2016-12-30 19:29 - 2016-12-30 19:29 - 00047291 _____ C:\Users\trent\Downloads\CancelNotice.pdf
2016-12-30 19:28 - 2016-12-30 19:28 - 00048814 _____ C:\Users\trent\Downloads\Notice.pdf
2016-12-30 19:28 - 2016-12-30 19:28 - 00043445 _____ C:\Users\trent\Downloads\EFTAuthorizationForm.pdf
2016-12-30 17:52 - 2016-12-30 23:02 - 00000000 ____D C:\Users\trent\AppData\Roaming\Audacity
2016-12-30 17:50 - 2016-12-30 17:51 - 00000000 ____D C:\Users\trent\Downloads\Audacity 2.0 Final Portable (2012) [MULTi][WwW.ZoNaTorrent.CoM]
2016-12-29 03:45 - 2016-12-29 04:09 - 00000000 ____D C:\Users\trent\Downloads\Scrubs Season 1
2016-12-29 03:44 - 2016-12-29 03:44 - 00000000 ____D C:\Users\trent\Downloads\Audacity
2016-12-29 03:34 - 2017-01-02 16:21 - 00000000 ____D C:\Users\trent\Desktop\YouTube Video Downloader PRO FINAL v4.9.0.3 [TechTools.NET]
2016-12-28 23:29 - 2017-01-08 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2016-12-28 23:29 - 2016-12-28 23:29 - 00001083 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2016-12-28 23:29 - 2016-12-28 23:29 - 00000000 ____D C:\Program Files\EaseUS
2016-12-28 23:27 - 2016-12-28 23:27 - 15295622 _____ C:\Users\trent\Downloads\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC].zip
2016-12-27 12:30 - 2016-12-27 12:31 - 24341662 _____ C:\Users\trent\Downloads\LazyTownCooking By The BookMusic VideoKids Karaoke.mp3
2016-12-26 14:41 - 2016-12-26 14:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2016-12-26 14:40 - 2016-12-26 14:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-12-26 14:35 - 2016-12-26 14:35 - 00000000 ____D C:\Program Files\Samsung
2016-12-26 14:35 - 2016-09-05 05:47 - 01499408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2016-12-26 14:35 - 2016-09-05 05:47 - 00716920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2016-12-26 14:35 - 2016-09-05 05:47 - 00165504 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-12-26 14:35 - 2016-09-05 05:47 - 00131712 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\ProgramData\Samsung
2016-12-26 14:32 - 2016-12-26 14:32 - 09597112 _____ C:\Users\trent\Downloads\Samsung-Usb-Driver-v1.5.61.0.zip
2016-12-26 14:23 - 2016-12-26 14:24 - 13796884 _____ C:\Users\trent\Downloads\Impactor_0.9.37.zip
2016-12-25 22:41 - 2017-01-06 16:32 - 00000194 _____ C:\Users\trent\Desktop\xoj!4851.txt
2016-12-24 23:05 - 2016-12-24 23:12 - 00000688 _____ C:\Users\trent\Desktop\Christmas eve Nikki.txt
2016-12-24 22:49 - 2016-12-24 11:43 - 02900979 _____ C:\Users\trent\Desktop\IMG_0158.JPG
2016-12-24 22:49 - 2016-12-24 11:43 - 02306071 _____ C:\Users\trent\Desktop\IMG_0157.JPG
2016-12-24 22:49 - 2016-12-24 11:42 - 02289416 _____ C:\Users\trent\Desktop\IMG_0156.JPG
2016-12-24 22:49 - 2016-12-24 11:42 - 02253342 _____ C:\Users\trent\Desktop\IMG_0155.JPG
2016-12-24 17:28 - 2016-12-24 17:50 - 00000000 ____D C:\Users\trent\Downloads\VA - Dear Jerry - Celebrating The Music Of Jerry Garcia (2016) [24-48 HD FLAC]
2016-12-24 17:20 - 2016-12-24 17:20 - 00000000 ____D C:\Users\trent\Desktop\The Dean Ween Group
2016-12-24 17:18 - 2016-12-24 17:19 - 113803736 _____ C:\Users\trent\Downloads\The Deaner Album - The Dean Ween Group.zip
2016-12-24 16:43 - 2016-12-24 16:43 - 00000000 ____D C:\Users\trent\Downloads\Neil Young - Peace Trail (2016) [320]
2016-12-24 14:45 - 2016-12-24 15:02 - 00000000 ____D C:\Users\trent\Downloads\Phish - Big Boat [2016]
2016-12-24 14:33 - 2016-12-24 14:33 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2016-12-24 14:04 - 2016-12-24 14:04 - 00001229 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-24 14:04 - 2016-12-24 14:04 - 00001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-12-24 14:04 - 2016-12-24 14:04 - 00000000 ____D C:\Users\trent\AppData\Roaming\Canneverbe Limited
2016-12-24 14:04 - 2016-12-24 14:04 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-12-24 13:58 - 2016-12-24 14:03 - 06234192 _____ (Canneverbe Limited ) C:\Users\trent\Downloads\cdbxp_setup_4.5.7.6452.exe
2016-12-23 13:47 - 2016-12-23 13:47 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-12-23 13:47 - 2016-12-23 13:47 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-12-23 13:46 - 2016-12-23 13:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-12-23 13:46 - 2016-12-23 13:46 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-12-23 13:45 - 2016-12-23 13:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-23 13:17 - 2016-12-23 13:17 - 00001246 _____ C:\Users\trent\Desktop\PC Wizard 2015.lnk
2016-12-23 13:17 - 2016-12-23 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-12-23 13:17 - 2016-12-23 13:17 - 00000000 ____D C:\Program Files (x86)\CPUID
2016-12-23 13:17 - 2012-02-14 11:49 - 00147456 _____ (CPUID) C:\WINDOWS\SysWOW64\PCWizard.cpl
2016-12-23 12:39 - 2016-12-23 12:39 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-20 02:15 - 2016-09-16 14:33 - 00000127 ___SH C:\Users\trent\Desktop\desktop.ini
2016-12-14 22:04 - 2016-12-15 01:23 - 00005386 _____ C:\Users\trent\Desktop\Computress.txt
2016-12-14 01:04 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 01:04 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 01:04 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 01:04 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 01:04 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 01:04 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 01:04 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 01:04 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 01:04 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 01:04 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 01:04 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 01:04 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 01:04 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 01:04 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 01:04 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 01:04 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 01:04 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 01:04 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 01:04 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 01:04 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 01:04 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 01:04 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 01:04 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 01:04 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 01:04 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 01:04 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 01:04 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 01:04 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 01:04 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 01:04 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 01:04 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 01:04 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 01:04 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 01:04 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 01:04 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 01:04 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 01:04 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 01:04 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 01:04 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 01:04 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 01:04 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 01:04 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 01:04 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 01:04 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 01:04 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 01:04 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 01:04 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 01:04 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 01:04 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 01:04 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 01:04 - 2016-11-02 02:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 01:03 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 01:03 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 01:03 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 01:03 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 01:03 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 01:03 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 01:03 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 01:03 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 01:03 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 01:03 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 01:03 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 01:03 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 01:03 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 01:03 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 01:03 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 01:03 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 01:03 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 01:03 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 01:03 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 01:03 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 01:03 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 01:03 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 01:03 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 01:03 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 01:03 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 01:03 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 01:03 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 01:03 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 01:03 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 01:03 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 01:03 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 01:03 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 01:03 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 01:03 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 01:03 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 01:03 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 01:03 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 01:03 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 01:03 - 2016-11-02 02:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 01:02 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 01:02 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 01:02 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 01:02 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 01:02 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 01:02 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 01:02 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 01:02 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 01:02 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 01:02 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 01:02 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 01:02 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 01:02 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 01:02 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 01:02 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 01:02 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 01:02 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 01:02 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 01:02 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 01:02 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 01:02 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 01:02 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 01:02 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 01:02 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 01:02 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 01:02 - 2016-09-15 08:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 00:27 - 2016-12-14 00:31 - 288635233 _____ C:\Users\trent\Downloads\Black.Mirror.2x03.The.Waldo.Moment.HDTV.x264-FoV.mp4
2016-12-14 00:27 - 2016-12-14 00:30 - 416413527 _____ C:\Users\trent\Downloads\Black.Mirror.2x02.White.Bear.HDTV.x264-FoV.mp4
2016-12-13 15:28 - 2016-12-13 15:42 - 2010125373 _____ C:\Users\trent\Downloads\Pangya Celebrity December 2016.zip
2016-12-12 23:19 - 2016-12-12 23:23 - 00000000 ____D C:\Users\trent\Downloads\The Prestige (2006)
2016-12-12 22:51 - 2016-12-12 23:00 - 00000000 ____D C:\Users\trent\Downloads\Black.Mirror.S01.Season.1.1080p.Web-DL.ReEnc-DeeJayAhmed
2016-12-12 22:51 - 2016-12-12 22:53 - 203342220 _____ C:\Users\trent\Downloads\Black.Mirror.2x01.Be.Right.Back.HDTV.x264-FoV.mp4
2016-12-12 22:51 - 2016-12-12 22:51 - 00000000 ____D C:\Users\trent\Downloads\Black Mirror Season 3 Complete WEBRip x264-FS
2016-12-12 16:02 - 2016-12-12 16:02 - 00026624 _____ C:\Users\trent\Desktop\DELMAR CH 24 (1).doc
2016-12-12 14:24 - 2016-12-12 14:24 - 01065376 _____ (Google Inc.) C:\Users\trent\Downloads\ChromeSetup.exe
2016-12-12 14:16 - 2016-12-12 14:16 - 00013299 _____ C:\Users\trent\Downloads\DELMAR CH 24 (1).docx
2016-12-11 14:45 - 2016-12-11 14:45 - 00000000 ___DL C:\ProgramData\Adobe
2016-12-11 14:45 - 2016-12-11 14:45 - 00000000 ____D C:\Users\trent\Documents\Adobe
2016-12-11 14:45 - 2016-12-11 14:45 - 00000000 ____D C:\Users\trent\AppData\Roaming\PDAppFlex
2016-12-11 14:45 - 2016-12-11 14:45 - 00000000 ____D C:\Users\trent\AppData\LocalLow\Adobe
2016-12-11 11:49 - 2016-12-14 19:12 - 00001409 _____ C:\Users\trent\Desktop\Christmas list.txt
2016-12-11 11:49 - 2016-12-12 03:08 - 00000123 _____ C:\Users\trent\Desktop\New Text Document (2).txt
2016-12-11 01:02 - 2016-12-12 04:02 - 00001591 _____ C:\Users\trent\Desktop\Keaton.txt
2016-12-11 00:29 - 2016-12-11 11:57 - 00000000 ____D C:\Users\trent\Desktop\PhotoshopPortable
2016-12-11 00:13 - 2016-12-11 00:13 - 00000000 ____D C:\Users\trent\Downloads\Adobe Photoshop CC 2015 FULL Portable [TechTools.NET]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 07:08 - 2016-12-06 15:54 - 00000638 __RSH C:\ProgramData\ntuser.pol
2017-01-10 06:56 - 2016-10-01 00:32 - 00000000 ____D C:\Users\trent\AppData\Roaming\vlc
2017-01-10 04:59 - 2016-10-19 03:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 04:52 - 2016-10-19 03:25 - 00000000 ____D C:\Users\trent
2017-01-10 04:52 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 04:51 - 2016-10-19 03:18 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-10 04:47 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Resources
2017-01-09 23:26 - 2016-09-28 14:14 - 00000000 ____D C:\AdwCleaner
2017-01-09 21:07 - 2016-09-28 10:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-09 21:07 - 2016-09-28 10:39 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-08 18:51 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-08 17:01 - 2016-10-27 03:55 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-08 17:01 - 2016-10-26 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-08 17:01 - 2016-09-28 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-08 03:30 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-06 03:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-04 23:00 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 22:54 - 2016-09-27 15:52 - 00002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 19:56 - 2016-11-13 10:36 - 00000000 ____D C:\Users\trent\Desktop\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-
2017-01-04 19:54 - 2016-10-17 14:47 - 00000000 ____D C:\Users\trent\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2017-01-04 19:52 - 2016-10-19 04:06 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-01-04 19:52 - 2016-10-19 04:06 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-01-04 19:04 - 2016-11-25 18:39 - 00000000 ____D C:\Users\trent\Desktop\New folder
2017-01-03 10:46 - 2016-09-27 14:14 - 00000000 ____D C:\Users\trent\AppData\Local\VirtualStore
2017-01-03 09:30 - 2016-09-27 22:06 - 00000000 ____D C:\Users\trent\AppData\Roaming\uTorrent
2017-01-02 22:57 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-01-02 21:15 - 2016-10-14 11:22 - 00000000 ____D C:\Users\trent\AppData\Local\ElevatedDiagnostics
2017-01-02 20:42 - 2016-09-27 15:51 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 11:37 - 2016-10-01 00:31 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-01-02 11:36 - 2016-11-14 14:24 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-01 23:38 - 2016-10-26 09:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-01 23:32 - 2016-12-09 00:27 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-01 23:31 - 2016-12-09 00:28 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-31 17:27 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WDI
2016-12-31 14:10 - 2015-10-29 23:24 - 00000000 __SHD C:\$Recycle.Bin
2016-12-28 23:14 - 2016-09-27 14:14 - 00000000 ____D C:\Users\trent\AppData\Local\Packages
2016-12-28 20:56 - 2016-09-27 19:33 - 00000000 ____D C:\Users\trent\AppData\Local\Diagnostics
2016-12-28 20:02 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 14:42 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-24 16:39 - 2016-09-27 14:16 - 00000000 ____D C:\Users\trent\AppData\Local\Comms
2016-12-23 20:39 - 2016-12-09 00:14 - 00000000 ____D C:\Users\trent\AppData\Local\chromium
2016-12-23 15:12 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-23 13:47 - 2016-07-16 03:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-23 12:56 - 2016-10-19 03:40 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-23 12:56 - 2016-10-19 03:40 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-23 12:39 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-23 12:39 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-23 12:36 - 2016-10-26 21:45 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-17 17:47 - 2016-09-27 14:47 - 00000000 __SHD C:\Boot
2016-12-17 17:46 - 2016-10-19 03:18 - 04961304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-17 17:45 - 2016-10-19 03:18 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 17:45 - 2016-10-19 03:18 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-17 17:44 - 2016-07-16 03:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-17 17:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-17 17:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 17:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-17 17:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-17 17:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 15:48 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 15:23 - 2016-09-28 14:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 15:13 - 2016-09-28 14:57 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 15:35 - 2016-09-27 14:14 - 00000000 ___SD C:\Users\trent\AppData\LocalLow\Microsoft
2016-12-11 17:29 - 2016-10-19 03:25 - 00524288 ___SH C:\Users\trent\NTUSER.DAT{0bddf3ab-95f6-11e6-9dbb-ccf9baa23911}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 15:21 - 2016-09-27 14:14 - 00000000 ___RD C:\Users\trent\Pictures
2016-12-11 14:45 - 2016-12-07 11:59 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-11 14:45 - 2016-12-07 04:06 - 00000000 ____D C:\Users\trent\AppData\Local\Adobe
2016-12-11 14:45 - 2016-09-27 14:14 - 00000000 ____D C:\Users\trent\AppData\Roaming\Adobe
2016-12-11 00:07 - 2016-12-08 01:43 - 00013153 _____ C:\Users\trent\Desktop\New Microsoft Word Document.docx
 
==================== Files in the root of some directories =======
 
2016-12-10 00:14 - 2016-12-10 00:14 - 0000045 _____ () C:\Users\trent\AppData\Roaming\WB.CFG
2016-12-08 23:50 - 2016-11-23 05:37 - 0000570 _____ () C:\Users\trent\AppData\Local\TroubleshooterConfig.json
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-01 06:33
 
==================== End of FRST.txt ============================
 
Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by trent (10-01-2017 07:13:39)
Running from C:\Users\trent\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-19 11:44:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1678287169-1903332064-1416524258-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1678287169-1903332064-1416524258-503 - Limited - Disabled)
Guest (S-1-5-21-1678287169-1903332064-1416524258-501 - Limited - Disabled)
SophosSAULAPTRESSaaa (S-1-5-21-1678287169-1903332064-1416524258-1006 - Limited - Enabled)
trent (S-1-5-21-1678287169-1903332064-1416524258-1001 - Administrator - Enabled) => C:\Users\trent
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.7302 - BlueStack Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell System Detect (HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.108 - ALPS ELECTRIC CO., LTD.)
D-Link Wireless N USB Adapter DWA-130 (HKLM-x32\...\{12556CE0-804A-40B7-8054-BD666764ED36}) (Version: 1.10b2 - D-Link)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\OneDriveSetup.exe) (Version: 17.3.6705.1122 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Pangya (Ntreev USA) (HKLM-x32\...\Pangya) (Version:  - )
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version:  - CPUID)
Safe365 SD Card Data Recovery Wizard Trial 8.8.8.8 (HKLM-x32\...\Safe365 SD Card Data Recovery Wizard Trial 8.8.8.8_is1) (Version:  - SAFE365)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WiseUninstaller 2.5 (HKLM-x32\...\{3B950BF8-A938-45C6-843D-67DDB25D7D88}_is1) (Version: 2.5.0.1 - wiseuninstaller.com)
Wizard101 (HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1ED035F9-1C06-4F21-9DC3-AE394F0D9917} - System32\Tasks\{A812AC15-2E80-4116-AE2B-CCE2181A3699} => pcalua.exe -a C:\WINDOWS\79e1b4dfef974c5859ed58930917555a.exe
Task: {3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {5494A8D2-DA55-453B-B380-E6832A6A12C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {67E5767D-3F7A-427C-B07B-A78F968F76D8} - System32\Tasks\{12402AE0-1F23-4494-B072-A9DC80D1005B} => pcalua.exe -a C:\Users\trent\Downloads\DELL_TOUCHPAD----POINTING-ST_A11_R231736.exe -d C:\Users\trent\Downloads
Task: {8EAC31FF-F83F-4454-8DC6-A9389E1A7F18} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {9A232A80-4A91-4213-BDC4-4B0BC77EE4D1} - System32\Tasks\{E9143D52-28CF-434B-862B-EE78BAD0A8BD} => pcalua.exe -a C:\Users\trent\Desktop\Utility\install.exe -d C:\Users\trent\Desktop\Utility
Task: {9BA1DE0D-23A7-458E-8C4D-390DFB401F68} - \KMSAutoNet -> No File <==== ATTENTION
Task: {B5250771-6A14-46E5-A5C0-ECB623567095} - System32\Tasks\{F187F75C-2D3F-439D-833C-73D3A36A380B} => pcalua.exe -a C:\Users\trent\AppData\Local\uninstallro.exe
Task: {B5A4AF2F-D1DF-490E-B71B-2FF9B5B17937} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {CEB65DEF-E548-46CC-8C45-6CCB318D5090} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {D2B5744B-BC37-4E80-A4E4-4D08F94B048F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DA914246-920A-46C0-8217-1205E6A6DAC4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-04] (Synaptics Incorporated)
Task: {DBBC711C-2C34-4B1B-B5E2-AF040B0C8DAD} - System32\Tasks\{B31C2F69-3B7B-4810-B314-F66086A40173} => pcalua.exe -a C:\Users\trent\Downloads\R44599.EXE -d C:\Users\trent\Downloads
Task: {FCA0844C-5BCF-4EF0-94E5-7A2AA997A167} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 01:04 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 01:04 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-07 14:32 - 2016-12-07 14:32 - 01678552 _____ () C:\Users\trent\AppData\Local\Microsoft\OneDrive\17.3.6705.1122_1\amd64\ClientTelemetry.dll
2016-10-26 21:48 - 2016-12-03 19:04 - 08924872 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-12-14 12:21 - 2016-12-14 12:38 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 12:21 - 2016-12-14 12:38 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-19 04:06 - 2016-10-19 04:06 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 01:03 - 2016-12-09 01:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-12 18:47 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-12 18:48 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-12 18:47 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-12 18:47 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-12 18:47 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-12 18:47 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-12 14:28 - 2016-12-08 00:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-12 14:28 - 2016-12-08 00:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-06-01 06:17 - 2016-06-01 06:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 01265600 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 02231744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00598976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00334784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00242624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00681408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00026560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00298944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 02680768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00370112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 14929344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00789952 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00746432 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00125888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00065472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00031168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00037824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2016-06-01 06:18 - 2016-06-01 06:18 - 00059840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
2016-06-01 06:19 - 2016-06-01 06:19 - 00118720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-01-03 11:05 - 2017-01-03 11:05 - 00404250 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
127.0.0.1 local127.0.0.1 goatse.cx       # More information on sites such as 
127.0.0.1 www.goatse.cx   # these can be found in this article
127.0.0.1 oralse.cx       # en.wikipedia.org/wiki/List_of_shock_sites
127.0.0.1 www.oralse.cx
127.0.0.1 goatse.ca
127.0.0.1 www.goatse.ca
127.0.0.1 oralse.ca
127.0.0.1 www.oralse.ca
127.0.0.1 goat.cx
127.0.0.1 www.goat.cx
127.0.0.1 1girl1pitcher.com
127.0.0.1 1girl1pitcher.org
127.0.0.1 1guy1cock.com
127.0.0.1 1man1jar.org
127.0.0.1 1man2needles.com
127.0.0.1 1priest1nun.com
127.0.0.1 1priest1nun.net
127.0.0.1 2girls1cup.cc
127.0.0.1 2girls1cup.com
127.0.0.1 2girls1cup-free.com
127.0.0.1 2girls1cup.nl
127.0.0.1 2girls1cup.ws
127.0.0.1 2girls1finger.com
127.0.0.1 2girls1finger.org
127.0.0.1 2guys1stump.org
127.0.0.1 3guys1hammer.ws
127.0.0.1 4girlsfingerpaint.com
 
There are 12445 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Wireless Connection Manager.lnk"
HKLM\...\StartupApproved\Run32: => "aconiteaconite"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy"
HKLM\...\StartupApproved\Run32: => "aconite"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\StartupFolder: => "asks.lnk"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "freedmanfreedman"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "vivianaviviana"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "drinks"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "gobierno"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "freedman"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "viviana"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "GPRE3FRS95"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "6Y0VT5KSP3"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\StartupApproved\Run: => "Publisher"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{6FB412FF-C369-4D2E-BC34-EA0164989586}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3B23B88-FD67-4871-965E-2CEA7725C918}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E45964E-F1E0-4E2B-A01B-8B604644E49A}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7865F02C-3D9E-47A2-A19B-A42312180353}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0242947C-C81B-42DF-AC48-BCD7A9408657}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35AB0FD6-D956-4417-BBA7-8609C54CCE59}] => C:\Users\trent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E14D722B-0F16-48F6-A7C6-64DF3A77994B}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{B783C39F-3D16-4AAC-B11A-6ED63DECFD46}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{B93E6874-C7BA-4835-9375-479695B6D28E}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8868144A-75C5-4A78-BABD-9AF7D1C981BB}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{087D98ED-4AF6-4A77-BFB1-FE087F165EC5}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C7AF6FE5-4EFA-4547-B200-CCF83DFDBB30}] => C:\Users\trent\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{9D4F3B39-16B2-4585-862D-3598BC30ED58}] => C:\Users\trent\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{8E60F0DA-1C8B-42BA-A74C-C8E99261FB01}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A2F0BE9-41F0-4DC7-90A8-E2642552B3BC}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DC78ADE2-6831-415C-A36D-AD5202268DAC}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F4F6EDB6-2E05-474E-9D3A-702136FF3BE5}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5DE5F8B7-EEB3-4790-9BBD-0B84B2921AA1}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{497C42F8-43EE-4B3A-A99C-5D2EF1F690DE}] => C:\Program Files (x86)\Clematis\kairos.exe
FirewallRules: [{516DEBC1-0863-487C-87F7-740499F57A32}] => C:\Program Files (x86)\Electron\kairos.exe
FirewallRules: [{D18F5503-C6ED-402B-AD1D-712DCD596688}] => C:\WINDOWS\system32\rundll32.exe
 
==================== Restore Points =========================
 
23-12-2016 15:07:05 Scheduled Checkpoint
30-12-2016 20:31:05 123016 restore
01-01-2017 23:03:29 Installed Microsoft Visual C++ 2005 Redistributable
03-01-2017 10:01:48 JRT Pre-Junkware Removal
10-01-2017 05:17:24 JRT Pre-Junkware Removal
10-01-2017 07:00:40 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2017 07:01:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/10/2017 06:30:58 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/10/2017 06:30:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/10/2017 05:17:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/10/2017 05:04:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2017 05:03:08 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (01/10/2017 04:47:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/10/2017 04:46:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/10/2017 04:42:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2017 04:40:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTRESS)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (01/10/2017 05:02:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/10/2017 05:02:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/10/2017 04:40:18 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/10/2017 12:00:34 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (01/10/2017 12:00:31 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/10/2017 12:00:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2017 02:31:21 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/09/2017 12:49:31 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/08/2017 06:50:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (01/08/2017 06:50:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
 
CodeIntegrity:
===================================
  Date: 2017-01-05 02:38:17.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.545
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.477
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.445
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.242
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-05 02:38:17.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\trent\AppData\Local\Temp\andy-x64\tools\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 4051.16 MB
Available physical RAM: 2139.96 MB
Total Virtual: 5267.16 MB
Available Virtual: 3216.25 MB
 
==================== Drives ================================
 
Drive c: (Laptronk2) (Fixed) (Total:465.28 GB) (Free:233.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (KODAK) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9F9E7D39)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=489 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 120.1 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
I'm hoping for the "all clean".  Thanks again!
 
-Trent


#6 Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 10 January 2017 - 10:30 AM


We have to do more scans and run a fixlist before "all clean" will come.

Did you make these settings for GroupPolicy:

GroupPolicy: Restriction - Chrome <======= ATTENTION

GroupPolicy\User: Restriction <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

GroupPolicyScripts\User: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 tronk
  • Topic Starter
  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 10 January 2017 - 02:13 PM

Okay.  The only Group Policy changes I've made that I remember (I may have made a change in the past when I was denied access to run a program even as an administrator, but I don't think so) were to run GPedit.msc in order to disable and then re-enable Windows Defender for the JRT process, following your instructions.



#8 Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 10 January 2017 - 02:47 PM

Hello,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Clematis\kairos.exe
HKLM-x32\...\Run: [aconite] => "C:\Program Files\Clematis\kairos.exe"
File: C:\Program Files\Electron\kairos.exe
HKLM-x32\...\Run: [aconiteaconite] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [viviana] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [vivianaviviana] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedman] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedmanfreedman] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [gobierno] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\MountPoints2: {708c9e20-8524-11e6-9de6-a4badb94db5a} - "G:\setup.exe" 
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ManualProxies: 
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {9BA1DE0D-23A7-458E-8C4D-390DFB401F68} - \KMSAutoNet -> No File <==== ATTENTION
FirewallRules: [{E14D722B-0F16-48F6-A7C6-64DF3A77994B}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{B783C39F-3D16-4AAC-B11A-6ED63DECFD46}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{497C42F8-43EE-4B3A-A99C-5D2EF1F690DE}] => C:\Program Files (x86)\Clematis\kairos.exe
FirewallRules: [{516DEBC1-0863-487C-87F7-740499F57A32}] => C:\Program Files (x86)\Electron\kairos.exe
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
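The fixlist above removes eight Run values, two scheduled tasks and four firewall rules that all point at the same few binaries. The following Python script is an added example (not part of this thread and not FRST's own code) that parses FRST-style Run, Task and FirewallRules lines and groups them by executable, so that one binary registered under several autostart names (kairos.exe under aconite, viviana, freedman and gobierno) stands out, and the firewall rules and tasks belonging to the same cleanup are listed with it. Because the Run values record C:\Program Files\... while the firewall rules record C:\Program Files (x86)\..., the path normalisation folds the WOW64 suffix so both forms group together. The three line-format regexes and the sample input (lines excerpted from the fixlist above) are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the FRST fixlist posted above (assumption: FRST's
# line layout is stable enough that the three regexes below cover Run, Task and FirewallRules).
FIXLIST = r"""
HKLM-x32\...\Run: [aconite] => "C:\Program Files\Clematis\kairos.exe"
HKLM-x32\...\Run: [aconiteaconite] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [viviana] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [vivianaviviana] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedman] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedmanfreedman] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [gobierno] => "C:\Program Files\Clematis\kairos.exe"
Task: {3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {9BA1DE0D-23A7-458E-8C4D-390DFB401F68} - \KMSAutoNet -> No File <==== ATTENTION
FirewallRules: [{E14D722B-0F16-48F6-A7C6-64DF3A77994B}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{497C42F8-43EE-4B3A-A99C-5D2EF1F690DE}] => C:\Program Files (x86)\Clematis\kairos.exe
FirewallRules: [{516DEBC1-0863-487C-87F7-740499F57A32}] => C:\Program Files (x86)\Electron\kairos.exe
"""

RUN_RE = re.compile(r'^(?P<hive>HKLM(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')
TASK_RE = re.compile(r'^Task: \{(?P<id>[0-9A-F-]+)\} - (?P<path>.+?) (?:=>|->) (?P<target>.+)$')
FW_RE = re.compile(r'^FirewallRules: \[\{(?P<id>[0-9A-F-]+)\}\] => (?P<target>.+)$')


def normalize_exe(target):
    """Lower-case the path, drop quotes and fold 'Program Files (x86)' into 'Program Files'
    so that an HKLM-x32 Run value and a firewall rule for the same 32-bit binary compare equal.
    FRST writes [X] for a value whose target no longer exists; that yields None."""
    t = target.strip().strip('"')
    if t == "[X]":
        return None
    return t.lower().replace("program files (x86)", "program files")


def parse_fixlist(text):
    """Return a list of (kind, name, target) tuples for the Run, Task and FirewallRules lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(("run", f"{m['hive']}\\Run\\{m['name']}", normalize_exe(m["target"])))
            continue
        m = TASK_RE.match(line)
        if m:
            entries.append(("task", m["path"], m["target"]))
            continue
        m = FW_RE.match(line)
        if m:
            entries.append(("firewall", m["id"], normalize_exe(m["target"])))
    return entries


def persistence_clusters(entries, min_aliases=2):
    """Map each executable to the autostart names that launch it; keep binaries with several aliases."""
    by_exe = defaultdict(list)
    for kind, name, target in entries:
        if kind == "run" and target:
            by_exe[target].append(name)
    return {exe: names for exe, names in by_exe.items() if len(names) >= min_aliases}


def firewall_rules_for(entries, exe):
    """Firewall rule GUIDs whose program path matches the (normalised) executable."""
    return [name for kind, name, target in entries if kind == "firewall" and target == exe]


def suspicious_tasks(entries):
    """Tasks that survive only in the task cache ('No File') or drive the licensing service directly."""
    return [name for kind, name, target in entries
            if kind == "task" and ("No File" in target or "SoftwareLicensingProduct" in target)]


if __name__ == "__main__":
    entries = parse_fixlist(FIXLIST)
    for exe, names in persistence_clusters(entries).items():
        print(f"{exe}: {len(names)} autostart aliases {names}")
        print(f"    firewall rules: {firewall_rules_for(entries, exe)}")
    print("suspicious tasks:", suspicious_tasks(entries))
```

Run against a saved FRST.txt or Addition.txt, the same grouping shows which binary a set of oddly named Run values belongs to before a fixlist is written. Note that in the Fixlog further down FRST reports both C:\Program Files\...\kairos.exe paths as "not found", while the firewall rules name the C:\Program Files (x86)\... locations; the normalisation ties those together, and the (x86) paths are worth checking on disk as well.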


#9 tronk
  • Topic Starter
  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 10 January 2017 - 03:25 PM

Here are the contents of the fixlog.txt file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by trent (10-01-2017 12:11:02) Run:1
Running from C:\Users\trent\Desktop
Loaded Profiles: trent (Available Profiles: trent)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Clematis\kairos.exe
HKLM-x32\...\Run: [aconite] => "C:\Program Files\Clematis\kairos.exe"
File: C:\Program Files\Electron\kairos.exe
HKLM-x32\...\Run: [aconiteaconite] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [viviana] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [vivianaviviana] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedman] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [freedmanfreedman] => "C:\Program Files\Electron\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\Run: [gobierno] => "C:\Program Files\Clematis\kairos.exe"
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\...\MountPoints2: {708c9e20-8524-11e6-9de6-a4badb94db5a} - "G:\setup.exe" 
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ManualProxies: 
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {9BA1DE0D-23A7-458E-8C4D-390DFB401F68} - \KMSAutoNet -> No File <==== ATTENTION
FirewallRules: [{E14D722B-0F16-48F6-A7C6-64DF3A77994B}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{B783C39F-3D16-4AAC-B11A-6ED63DECFD46}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{497C42F8-43EE-4B3A-A99C-5D2EF1F690DE}] => C:\Program Files (x86)\Clematis\kairos.exe
FirewallRules: [{516DEBC1-0863-487C-87F7-740499F57A32}] => C:\Program Files (x86)\Electron\kairos.exe
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Program Files\Clematis\kairos.exe ========================
 
"C:\Program Files\Clematis\kairos.exe" => not found.
====== End of File: ======
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\aconite => value removed successfully
 
========================= File: C:\Program Files\Electron\kairos.exe ========================
 
"C:\Program Files\Electron\kairos.exe" => not found.
====== End of File: ======
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\aconiteaconite => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\viviana => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vivianaviviana => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\freedman => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\freedmanfreedman => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\Software\Microsoft\Windows\CurrentVersion\Run\\gobierno => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{708c9e20-8524-11e6-9de6-a4badb94db5a} => key removed successfully
HKCR\CLSID\{708c9e20-8524-11e6-9de6-a4badb94db5a} => key not found. 
"C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL" => Value data not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
"C:\WINDOWS\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\S-1-5-21-1678287169-1903332064-1416524258-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DB28B3B-91D3-4F9A-8B33-ACE4F54E20FC} => key removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA1DE0D-23A7-458E-8C4D-390DFB401F68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA1DE0D-23A7-458E-8C4D-390DFB401F68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E14D722B-0F16-48F6-A7C6-64DF3A77994B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B783C39F-3D16-4AAC-B11A-6ED63DECFD46} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{497C42F8-43EE-4B3A-A99C-5D2EF1F690DE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{516DEBC1-0863-487C-87F7-740499F57A32} => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 275809127 B
Java, Flash, Steam htmlcache => 1627 B
Windows/system/drivers => 595262 B
Edge => 452274 B
Chrome => 571158703 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 498987 B
NetworkService => 299394 B
trent => 3641480 B
 
RecycleBin => 2246044 B
EmptyTemp: => 815.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:12:07 ====


#10 Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 10 January 2017 - 04:03 PM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them.
Do not reboot your computer after running rkill as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 tronk
  • Topic Starter
  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 10 January 2017 - 05:26 PM

Rkill log:
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/10/2017 01:24:03 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
  127.0.0.1 localhost.localdomain
  255.255.255.255 broadcasthost
  ::1 localhost
  127.0.0.1 local
  127.0.0.1 goatse.cx       # More information on sites such as 
  127.0.0.1 www.goatse.cx   # these can be found in this article
  127.0.0.1 oralse.cx       # en.wikipedia.org/wiki/List_of_shock_sites
  127.0.0.1 www.oralse.cx
  127.0.0.1 goatse.ca
  127.0.0.1 www.goatse.ca
  127.0.0.1 oralse.ca
  127.0.0.1 www.oralse.ca
  127.0.0.1 goat.cx
  127.0.0.1 www.goat.cx
  127.0.0.1 1girl1pitcher.com
  127.0.0.1 1girl1pitcher.org
  127.0.0.1 1guy1cock.com
  127.0.0.1 1man1jar.org
  127.0.0.1 1man2needles.com
 
  20 out of 12525 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 01/10/2017 01:26:30 PM
Execution time: 0 hours(s), 2 minute(s), and 27 seconds(s)
 
 
Malwarebytes Anti-malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/10/2017
Scan Time: 1:31 PM
Logfile: MBAR.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.01.10.08
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: trent
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306836
Time Elapsed: 42 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Farbar Service Scanner log:
 
Farbar Service Scanner Version: 27-01-2016
Ran by trent (administrator) on 10-01-2017 at 14:24:29
Running from "C:\Users\trent\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
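Rkill prints only the first 20 of the 12,525 HOSTS entries and asks for the rest to be reviewed by hand. A hosts file that large is usually a blocklist that maps unwanted domains to 127.0.0.1 or 0.0.0.0, which is harmless; the entries that matter are the ones that send a name to a real address, or blackhole update and security-vendor domains so that scanners cannot update or their download pages cannot be reached. The Python below is an added example (not from this thread and not Rkill's code) that parses hosts-file syntax and sorts each mapping into those categories so that a 12,000-line file reduces to a short list of entries worth reading. The vendor list, the sample input (the Rkill lines above plus three constructed lines marked as such) and the documentation address 203.0.113.7 are assumptions made for the example.

```python
import ipaddress

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "255.255.255.255"}
STANDARD_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
# Assumption: a short illustrative list of update/security domains that malware likes to
# blackhole so that scanners cannot update; extend it for real use.
PROTECTED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "malwarebytes.com",
    "eset.com", "bleepingcomputer.com", "sophos.com",
)

# Sample input: the Rkill HOSTS excerpt above plus three constructed lines (marked as such).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 local
127.0.0.1 goatse.cx       # More information on sites such as
127.0.0.1 www.goatse.cx   # these can be found in this article
0.0.0.0 ads.example.net                # constructed: ordinary blocklist entry
127.0.0.1 www.malwarebytes.com         # constructed: removal-tool site blackholed
203.0.113.7 www.example-bank.test      # constructed: name redirected to an outside address
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; comments, blanks and junk are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first field is not an address, so this is not a hosts mapping
        for host in parts[1:]:  # one address may be followed by several names
            yield n, ip, host.lower()


def is_protected(host):
    """Exact or subdomain match against the vendor list ('reset.com' must not match 'eset.com')."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(ip, host):
    """standard: loopback names Windows ships; sink: blocklist-style blackhole;
    blocks-security-vendor: blackhole aimed at update/removal infrastructure;
    redirect: name sent to a real address, the classic hosts-file hijack."""
    if host in STANDARD_NAMES:
        return "standard"
    if ip in SINKHOLES:
        return "blocks-security-vendor" if is_protected(host) else "sink"
    return "redirect"


def triage_hosts(text):
    """Return per-category counts and the entries that need a human look."""
    summary = {"standard": 0, "sink": 0, "blocks-security-vendor": 0, "redirect": 0}
    findings = []
    for n, ip, host in parse_hosts(text):
        kind = classify(ip, host)
        summary[kind] += 1
        if kind in ("redirect", "blocks-security-vendor"):
            findings.append((n, ip, host, kind))
    return summary, findings


if __name__ == "__main__":
    summary, findings = triage_hosts(SAMPLE_HOSTS)
    print(summary)
    for n, ip, host, kind in findings:
        print(f"line {n}: {ip} {host} [{kind}]")
```

On a real machine read C:\Windows\System32\drivers\etc\hosts into triage_hosts(); a file where nearly everything lands in "sink" is a blocklist, while anything under "redirect" or "blocks-security-vendor" deserves a closer look.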
 
 
 


#12 Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 10 January 2017 - 06:08 PM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 tronk
  • Topic Starter
  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 10 January 2017 - 10:31 PM

ESET log:
 
C:\Users\All Users\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Program Files (x86)\CPUID\PC Wizard 2015\systweakasp_c.exe MSIL/AdvancedSystemProtector.D potentially unwanted application deleted
C:\ProgramData\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application cleaned by deleting
C:\Users\trent\Desktop\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-\Win10_Pro_1511_English_x64_july_2016.iso a variant of MSIL/HackTool.WinActivator.J potentially unsafe application deleted
C:\Users\trent\Downloads\cdbxp_setup_4.5.7.6452.exe a variant of Win32/FusionCore.I potentially unwanted application deleted
C:\Users\trent\Downloads\VideoReDo TV Suite V4.20 with H.264 x.zip a variant of Win32/Patched.F potentially unsafe application deleted
C:\Users\trent\Downloads\DVD Decrypter, ImgBurn, Virtual Drive (Installer and Portable)\ImgBurn\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\trent\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application deleted


#14 Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 PM

Posted 11 January 2017 - 06:20 AM

***


It Appears That Your Pc Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step3: Use only one anti-virus software and keep it up-to-date.

:step4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step6: Use Strong passwords!

:step7: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 tronk

tronk
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 11 January 2017 - 10:55 PM

Jo,

Thank you so very much for your help!  I had no idea just how infected my laptop was, and it is running much faster and more smoothly now.  Thank you again!

-Trent
