
Originally infection made multiple hidden partitions


This topic is locked
3 replies to this topic

#1 vitesselt


Posted 12 March 2017 - 11:14 AM

Physical Drive 1 -- Win 8.1 (64 bit) operating system got infection that made multiple hidden partitions

Physical Drive 2 -- Where I store all my files

Physical Drive 3 -- Bought new drive to replace Drive 1 with Win 8.1 (64 bit) operating system

 

Have reinstalled Win 8.1 (64 bit) operating system on new drive (3). Am still installing my applications.

 

Need files from Drive 1 windows, user, and root drive for new drive. Parked them temporarily on D Drive. Ran all kinds of virus, Malware, etc. before placing on new C Drive. I transferred some of the parked files from Drive 2 onto new Drive 3.

Have continued to run virus, Malware, etc. applications. GMER discovered all One Drive files were bad--Deleted from Drives 2 and 3. Continued to run virus, Malware, etc. applications on both drives. Bad registry keys still showing up (see below) and many of the applications I got from Bleeping (AdwDNSUnlocker, AdwCloudguard).

 

Type: Key  Object: 8  Location: HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\  Details: No admin in ACL

Type: Key  Object: 8  Location: HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\  Details: No admin in ACL

Type: Key  Object: Upgrade  Location: HKLM\SOFTWARE\Microsoft\Security Center\Svc\  Details: No admin in ACL

Type: Key  Object: DuState  Location: HKLM\SOFTWARE\Microsoft\InputMethod\Jpn\  Details: No admin in ACL

 

Half the utilities find something -- half don't.  Lots of stuff came up in GMER.  I have to constantly clean my hosts file because something keeps putting junk back in it. Defender stalls while updating and never finishes.

 

Have attached FRST files to this post--FRST report is below.  Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Laurie (administrator) on CYBERTRON-II (11-03-2017 16:33:45)
Running from C:\Users\Laurie\Desktop
Loaded Profiles: Laurie (Available Profiles: Laurie)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Safer-Networking Ltd.) C:\Users\Laurie\Desktop\INSTALLS\SpybotPortable\App\Spybot\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Users\Laurie\Desktop\INSTALLS\SpybotPortable\App\Spybot\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(PortableApps.com) C:\Users\Laurie\Desktop\SpybotPortable\SpybotPortable\SpybotPortable.exe
(PortableApps.com) C:\Users\Laurie\Desktop\SpybotPortable\SpybotPortable\SpybotPortable.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(McAfee Inc) C:\Users\Laurie\Desktop\Stinger32.exe
(Safer-Networking Ltd.) C:\Users\Laurie\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDRootAlyzer.exe
(Safer-Networking Ltd.) C:\Users\Laurie\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(OldTimer Tools) C:\Users\Laurie\Desktop\OTL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-02-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [6876320 2017-03-11] (McAfee, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware)
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5788112 2017-02-08] (SecureMix LLC)
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2017-03-05]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-03-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{E6C17FAE-E2E0-448A-BD81-FA6A33F04DBB}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1931429792-2692941331-1152111688-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://sitecontrol-sp.hostway.com/SiteControl/R03150815/plugins/commons/init.tile?theme=sitecontrol&__$isJsEnabled$=true&tiles-info=-22037745
hxxp://www.ebay.com/
hxxp://newglyphics.com/
hxxps://sitemail.hostway.com/
hxxp://newglyphics.com/
SearchScopes: HKU\S-1-5-21-1931429792-2692941331-1152111688-1001 -> DefaultScope {53522950-7CBA-4F96-AC11-F5E2B65D7740} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1931429792-2692941331-1152111688-1001 -> {53522950-7CBA-4F96-AC11-F5E2B65D7740} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1931429792-2692941331-1152111688-1001 -> {CCD3856D-E744-4AFC-B161-DBD10866A33B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
IE Session Restore: HKU\S-1-5-21-1931429792-2692941331-1152111688-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: o5o5p2j3.default
FF ProfilePath: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\o5o5p2j3.default [2017-03-11]
FF Session Restore: Mozilla\Firefox\Profiles\o5o5p2j3.default -> is enabled.
FF Extension: (Firefox All Aboard 1.6) - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\o5o5p2j3.default\Extensions\@all-aboard-v1-6 [2017-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-03-06] [not signed]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-06] (Google Inc.)

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S4 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4346320 2017-02-08] (SecureMix LLC)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 LPDSVC; C:\WINDOWS\system32\lpdsvc.dll [48128 2017-03-05] (Microsoft Corporation)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2017-02-08] (Malwarebytes Corporation)
S3 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 SDScannerService; C:\Users\Laurie\Desktop\INSTALLS\SpybotPortable\App\Spybot\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Users\Laurie\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Users\Laurie\Desktop\INSTALLS\SpybotPortable\App\Spybot\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [50688 2017-03-05] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2017-03-05] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-03-06] (RaMMicHaeL)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
S4 VoodooShieldService; "C:\Program Files\VoodooShield\VoodooShieldService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2017-02-08] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R0 MB3SwissArmy; C:\WINDOWS\System32\drivers\MB3SwissArmy.sys [228800 2017-03-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-11] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-11] ()
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [51104 2016-08-02] (USBPcap)
S3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-06] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 16:33 - 2017-03-11 16:33 - 00016578 _____ C:\Users\Laurie\Desktop\FRST.txt
2017-03-11 16:31 - 2017-03-11 16:33 - 00000000 ____D C:\FRST
2017-03-11 16:30 - 2017-03-11 16:30 - 02424320 _____ (Farbar) C:\Users\Laurie\Desktop\FRST64.exe
2017-03-11 16:00 - 2017-03-11 16:00 - 03563040 _____ C:\Users\Laurie\Desktop\OTL.Txt
2017-03-11 16:00 - 2017-03-11 16:00 - 00056048 _____ C:\Users\Laurie\Desktop\Extras.Txt
2017-03-11 13:27 - 2017-03-11 16:08 - 00000000 __SHD C:\Users\Laurie\AppData\Local\EmieUserList
2017-03-11 13:27 - 2017-03-11 13:45 - 00000000 __SHD C:\Users\Laurie\AppData\Local\EmieSiteList
2017-03-11 13:27 - 2017-03-11 13:45 - 00000000 __SHD C:\Users\Laurie\AppData\Local\EmieBrowserModeList
2017-03-11 12:53 - 2017-03-11 12:53 - 00000000 ____D C:\Users\Laurie\Desktop\data
2017-03-11 12:37 - 2017-03-11 12:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-11 11:25 - 2017-03-11 11:25 - 00000000 _____ C:\Users\Laurie\Desktop\Stinger_11032017_112516.html
2017-03-11 11:22 - 2013-08-22 05:25 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-03-11 11:10 - 2017-03-11 11:10 - 00000000 ____D C:\Users\Laurie\Documents\ProcAlyzer Dumps
2017-03-11 11:05 - 2017-03-11 11:05 - 00001834 _____ C:\Users\Laurie\Desktop\sc-cleaner.txt
2017-03-11 11:04 - 2017-03-11 11:04 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-03-11 10:50 - 2017-03-11 10:56 - 00221428 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_10.50.59_log.txt
2017-03-11 10:48 - 2017-03-11 10:48 - 01021748 _____ C:\Users\Laurie\Desktop\runtime.dat
2017-03-11 10:48 - 2017-03-11 10:48 - 00000000 _____ C:\Users\Laurie\Desktop\Stinger_11032017_104849.html
2017-03-11 10:47 - 2017-03-11 10:47 - 00002418 _____ C:\Users\Laurie\Desktop\FixExec.txt
2017-03-11 09:59 - 2017-03-11 10:39 - 00000029 _____ C:\Users\Laurie\Desktop\cports_filter.txt
2017-03-11 09:27 - 2017-03-11 09:27 - 00002036 _____ C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2017-03-11 09:27 - 2017-03-11 09:27 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\OpenDNS Updater
2017-03-11 09:27 - 2017-03-11 09:27 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2017-03-11 07:23 - 2017-03-11 07:48 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Wireshark
2017-03-11 07:03 - 2017-03-11 07:03 - 00001265 _____ C:\Users\Laurie\Desktop\FIX WIN UPDATE.EXE.lnk
2017-03-11 07:02 - 2017-03-11 07:02 - 00001263 _____ C:\Users\Laurie\Desktop\FIX WIN 2.EXE.lnk
2017-03-11 07:01 - 2017-03-11 07:01 - 00001375 _____ C:\Users\Laurie\Desktop\FIX MS SECURITY ESSENT.EXE.lnk
2017-03-11 06:32 - 2017-03-11 06:32 - 00000250 _____ C:\Users\Laurie\Desktop\ENABLE ADMIN ACCOUNT.txt
2017-03-11 06:14 - 2017-03-11 06:14 - 00001002 _____ C:\Users\Laurie\Desktop\View local services - Shortcut.lnk
2017-03-11 05:58 - 2017-03-11 05:58 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-03-11 05:56 - 2017-03-11 05:57 - 00000000 ____D C:\Program Files\USBPcap
2017-03-11 05:55 - 2017-03-11 05:55 - 00001611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-03-11 05:55 - 2017-03-11 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-03-11 05:55 - 2017-03-11 05:55 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-03-11 05:54 - 2017-03-11 05:59 - 00000000 ____D C:\Program Files\Wireshark
2017-03-10 14:36 - 2017-03-11 10:39 - 00001415 _____ C:\Users\Laurie\Desktop\cports.cfg
2017-03-10 14:05 - 2017-03-10 14:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-10 14:05 - 2017-03-10 14:05 - 00000000 ____D C:\Users\Laurie\Documents\ProcAlyzer Dumps.BackupBySpybotPortable
2017-03-10 14:03 - 2017-03-11 11:09 - 00000000 ____D C:\Users\Laurie\Desktop\SpybotPortable
2017-03-10 13:58 - 2017-03-11 11:11 - 00003770 _____ C:\Users\Laurie\Desktop\Rkill.txt
2017-03-10 13:58 - 2017-03-10 13:58 - 00000000 ____D C:\Users\Laurie\Desktop\rkill
2017-03-10 13:55 - 2017-03-10 13:55 - 00190374 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-03-10 13:55 - 2017-03-10 13:55 - 00003664 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-03-10 13:55 - 2017-03-10 13:55 - 00002179 _____ C:\Users\Laurie\Desktop\Tweaking.com - Windows Repair.lnk
2017-03-10 13:12 - 2017-03-10 13:26 - 00000000 ____D C:\Users\Laurie\Desktop\SYSINTERNALS SUITE
2017-03-10 12:59 - 2017-03-10 12:59 - 00000000 ____D C:\Users\Laurie\Desktop\SPECIAL FOLDERS
2017-03-10 12:55 - 2017-03-10 12:57 - 00001106 _____ C:\Users\Laurie\Desktop\GodModes.bat
2017-03-10 12:24 - 2017-03-10 12:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2017-03-10 09:17 - 2017-03-10 09:17 - 138020592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-10 08:18 - 2017-03-10 08:18 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2017-03-10 08:18 - 2017-03-10 08:18 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2017-03-10 07:55 - 2017-03-10 14:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-10 07:08 - 2017-03-10 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-03-10 07:02 - 2017-03-10 07:02 - 00000000 ____D C:\ProgramData\IObit
2017-03-10 06:23 - 2017-03-10 06:23 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-03-10 06:16 - 2017-03-10 06:16 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-03-10 06:12 - 2017-03-10 06:12 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Laurie\Desktop\ADSSpy.exe
2017-03-10 06:07 - 2017-03-10 06:07 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\FixExec.exe
2017-03-10 05:14 - 2017-03-11 11:04 - 00002032 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2017-03-10 05:03 - 2017-03-10 05:10 - 00426122 _____ C:\TDSSKiller.3.1.0.12_10.03.2017_05.03.51_log.txt
2017-03-10 04:54 - 2017-03-10 04:55 - 00217030 _____ C:\TDSSKiller.3.1.0.12_10.03.2017_04.54.27_log.txt
2017-03-09 14:46 - 2017-03-09 14:46 - 00035840 ___SH C:\Users\Laurie\Desktop\Thumbs.db
2017-03-09 14:46 - 2017-03-09 14:46 - 00001262 _____ C:\Users\Laurie\Desktop\etc - Shortcut.lnk
2017-03-09 14:30 - 2017-03-09 14:30 - 00217872 _____ C:\TDSSKiller.3.1.0.12_09.03.2017_14.30.09_log.txt
2017-03-09 14:27 - 2017-03-09 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-09 13:40 - 2017-03-09 13:40 - 00001766 _____ C:\Users\Laurie\Desktop\SUPERAntiSpyware Alternate Start.lnk
2017-03-09 13:16 - 2017-03-09 13:17 - 00217982 _____ C:\TDSSKiller.3.1.0.12_09.03.2017_13.16.40_log.txt
2017-03-09 13:05 - 2017-03-09 13:06 - 00006372 _____ C:\TDSSKiller.3.1.0.12_09.03.2017_13.05.56_log.txt
2017-03-09 11:28 - 2017-03-09 11:28 - 00000000 ____D C:\Quarantine
2017-03-09 10:45 - 2017-03-09 10:45 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-09 09:20 - 2016-07-19 11:49 - 00000132 _____ C:\Users\Laurie\AppData\Roaming\Adobe GIF Format CS6 Prefs
2017-03-09 09:18 - 2015-03-10 00:31 - 00000000 ____D C:\Users\Laurie\CS3
2017-03-09 09:07 - 2017-03-09 12:56 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Thunderbird
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Samsung
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\iSpring Solutions
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Hemera
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\FUJIFILM
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Epson
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\com.twc.voicezoneconnect
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\chc
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Amazon Cloud Drive
2017-03-09 09:07 - 2017-03-09 09:07 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Alien Skin
2017-03-09 09:07 - 2017-02-24 10:39 - 00000132 _____ C:\Users\Laurie\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-09 09:01 - 2017-03-09 09:01 - 00000000 ____D C:\Users\Laurie\AppData\LocalLow\Adobe
2017-03-09 08:52 - 2017-03-09 08:52 - 00000000 ____D C:\Users\Laurie\AppData\Local\Office
2017-03-09 08:50 - 2016-02-05 07:46 - 00001456 _____ C:\Users\Laurie\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-09 08:48 - 2017-03-09 08:50 - 00000000 ____D C:\Users\Laurie\AppData\Local\Thunderbird
2017-03-09 08:48 - 2017-03-09 08:48 - 00000000 ____D C:\Users\Laurie\AppData\Local\Stamps.com
2017-03-09 08:48 - 2017-03-09 08:48 - 00000000 ____D C:\Users\Laurie\AppData\Local\CutePDF Writer
2017-03-09 08:31 - 2017-03-09 12:57 - 00000000 ____D C:\Program Files (x86)\VoiceZoneConnect
2017-03-09 08:31 - 2017-03-09 12:57 - 00000000 ____D C:\Program Files (x86)\Stamps.com Web Postage Plug-in
2017-03-09 08:31 - 2017-03-09 12:57 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-03-09 08:31 - 2017-03-09 12:57 - 00000000 ____D C:\Program Files (x86)\Microsoft GIF Animator
2017-03-09 08:31 - 2017-03-09 08:31 - 00000000 ____D C:\Program Files (x86)\Samsung Printers
2017-03-09 08:31 - 2017-03-09 08:31 - 00000000 ____D C:\Program Files (x86)\iSpring
2017-03-09 08:31 - 2017-03-09 08:31 - 00000000 ____D C:\Program Files (x86)\FinePixViewer
2017-03-09 08:27 - 2017-03-09 08:31 - 00000000 ____D C:\Program Files (x86)\Epson Software
2017-03-09 07:53 - 2017-03-09 08:23 - 00000000 ____D C:\Program Files (x86)\CS6
2017-03-09 07:39 - 2017-03-09 08:45 - 00000000 ____D C:\Users\Laurie\AppData\Local\Adobe
2017-03-09 07:25 - 2017-03-09 07:52 - 00000000 ____D C:\Program Files (x86)\CS3
2017-03-09 07:07 - 2017-03-09 07:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-09 07:07 - 2017-03-09 07:07 - 00000000 ____D C:\Program Files (x86)\Acro Software
2017-03-09 07:06 - 2017-03-09 12:58 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2017-03-09 07:02 - 2017-03-09 07:06 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2017-03-09 06:17 - 2017-03-09 06:37 - 00000000 ____D C:\Program Files\CS6
2017-03-09 06:13 - 2017-03-09 12:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-09 06:10 - 2017-03-09 06:11 - 00000000 ___DC C:\Users\Laurie\AppData\Local\MigWiz
2017-03-08 10:35 - 2017-03-08 10:36 - 00007718 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_10.35.40_log.txt
2017-03-08 09:46 - 2017-03-08 09:46 - 00002129 _____ C:\Users\Laurie\Desktop\WinPatrol Explorer.lnk
2017-03-08 09:38 - 2017-03-08 09:38 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CYBERTRON-II-Microsoft-Windows-8.1-(64-bit).dat
2017-03-08 09:38 - 2017-03-08 09:38 - 00000000 ____D C:\RegBackup
2017-03-08 09:21 - 2017-03-08 09:21 - 00001139 _____ C:\Users\Laurie\Desktop\Windows.Defender.lnk
2017-03-08 09:00 - 2017-03-08 09:01 - 00006372 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_09.00.20_log.txt
2017-03-08 08:34 - 2017-03-07 07:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\rkill.exe
2017-03-08 08:12 - 2017-02-15 14:15 - 00187088 _____ (NirSoft) C:\Users\Laurie\Desktop\cports.exe
2017-03-08 08:10 - 2017-02-02 12:39 - 01452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Laurie\Desktop\procexp64.exe
2017-03-08 08:09 - 2017-03-06 07:11 - 00001303 _____ C:\Users\Laurie\Desktop\Hosts-perm-bat.txt
2017-03-08 08:09 - 2017-03-06 07:10 - 00000194 _____ C:\Users\Laurie\Desktop\hosts-perm.bat
2017-03-08 07:42 - 2017-03-08 07:43 - 00219562 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_07.42.33_log.txt
2017-03-08 07:40 - 2017-03-08 09:36 - 00000000 ___RD C:\Users\Laurie\Desktop\MISC
2017-03-08 07:33 - 2017-03-11 10:58 - 00000000 ____D C:\Users\Laurie\Desktop\INSTALLS
2017-03-08 06:49 - 2016-10-27 17:22 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-07 07:36 - 2017-03-11 16:02 - 00000000 ____D C:\Users\Laurie\Desktop\REPORTS
2017-03-07 07:29 - 2017-03-11 11:37 - 00000000 ____D C:\Users\Laurie\Desktop\CLEAN HOSTS FILE
2017-03-07 06:23 - 2017-03-07 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-07 06:23 - 2017-03-07 06:23 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-03-07 06:22 - 2017-03-07 15:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-03-07 06:21 - 2017-03-07 06:21 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-07 06:21 - 2017-03-07 06:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-03-07 06:20 - 2017-03-07 06:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-07 06:20 - 2017-03-07 06:20 - 00000000 __RHD C:\MSOCache
2017-03-07 06:20 - 2017-03-07 06:20 - 00000000 ____D C:\Users\Laurie\AppData\Local\Microsoft Help
2017-03-07 05:55 - 2014-12-03 12:08 - 00000000 ____D C:\Users\Laurie\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2017-03-07 05:54 - 2017-03-11 06:32 - 00000000 ____D C:\Users\Laurie\Desktop\HOW TOs
2017-03-06 15:05 - 2017-03-06 15:08 - 00226530 _____ C:\TDSSKiller.3.1.0.12_06.03.2017_15.05.29_log.txt
2017-03-06 14:42 - 2017-03-09 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-03-06 14:42 - 2017-03-06 14:42 - 00001917 _____ C:\Users\Laurie\Desktop\GlassWire.lnk
2017-03-06 14:42 - 2017-03-06 14:42 - 00000000 ____D C:\Users\Laurie\AppData\Local\GlassWire
2017-03-06 14:41 - 2017-03-09 12:58 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-03-06 14:41 - 2017-03-06 14:41 - 00000000 ____D C:\ProgramData\GlassWire
2017-03-06 14:41 - 2015-05-28 20:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-03-06 14:41 - 2015-05-28 20:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-03-06 14:37 - 2017-03-06 14:37 - 00000000 ____D C:\Program Files (x86)\IObit
2017-03-06 14:25 - 2017-03-09 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2017-03-06 14:14 - 2014-06-19 11:17 - 00414720 _____ C:\Users\Laurie\Desktop\GiveMePower.exe
2017-03-06 14:12 - 2017-03-06 14:13 - 00016442 _____ C:\WINDOWS\Tweaking.com - Technicians Toolbox Setup Log.txt
2017-03-06 14:09 - 2017-03-10 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-03-06 14:09 - 2017-03-10 13:55 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-03-06 14:08 - 2017-03-06 14:09 - 00022322 _____ C:\WINDOWS\Tweaking.com - Simple System Tweaker Setup Log.txt
2017-03-06 14:05 - 2017-03-06 11:29 - 00865272 _____ (Panda Security ) C:\Users\Laurie\Desktop\usbvaccine.exe
2017-03-06 14:05 - 2017-03-05 10:04 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Laurie\Desktop\Tcpview.exe
2017-03-06 13:17 - 2017-03-06 13:19 - 00225222 _____ C:\TDSSKiller.3.1.0.12_06.03.2017_13.17.22_log.txt
2017-03-06 11:39 - 2013-05-02 07:54 - 01020272 _____ C:\Users\Laurie\Desktop\GrantPerms64.exe
2017-03-06 11:32 - 2017-03-09 12:58 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2017-03-06 11:32 - 2017-03-06 11:32 - 00003072 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2017-03-06 11:32 - 2017-03-06 11:32 - 00000000 ____D C:\ProgramData\Panda Security
2017-03-06 11:32 - 2017-03-06 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-03-06 11:25 - 2017-03-09 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2017-03-06 11:25 - 2016-08-18 17:17 - 00029808 _____ (VoodooSoft, LLC) C:\WINDOWS\system32\Drivers\vsscanner.sys
2017-03-06 10:37 - 2017-03-08 08:04 - 00001098 _____ C:\Users\Laurie\Desktop\MALWARE BYTES ANTI ROOT KIT.lnk
2017-03-06 10:25 - 2017-03-11 11:04 - 00228800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MB3SwissArmy.sys
2017-03-06 10:25 - 2017-03-11 11:04 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-06 10:25 - 2017-03-06 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-06 10:25 - 2017-03-06 10:25 - 00000000 ____D C:\ProgramData\MalwarebytesARW
2017-03-06 10:25 - 2017-03-06 10:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-06 10:11 - 2017-03-06 10:11 - 00001060 _____ C:\Users\Laurie\Desktop\Malwarebytes Anti-Exploit.lnk
2017-03-06 10:04 - 2017-03-06 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-06 10:03 - 2017-03-11 11:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-06 10:03 - 2017-03-11 11:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 10:03 - 2017-03-11 11:07 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-06 10:00 - 2017-03-11 14:44 - 00000000 ____D C:\Users\Laurie\AppData\Local\CrashDumps
2017-03-06 10:00 - 2017-03-08 06:54 - 00003544 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2017-03-06 10:00 - 2017-03-06 10:00 - 00003420 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2017-03-06 09:59 - 2017-03-09 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-03-06 09:59 - 2017-03-06 09:59 - 00000000 ____D C:\Program Files\Reason
2017-03-06 09:42 - 2017-03-11 09:54 - 00000000 ____D C:\Users\Laurie\AppData\LocalLow\Mozilla
2017-03-06 09:42 - 2017-03-06 09:48 - 00000000 ____D C:\Users\Laurie\AppData\Local\Mozilla
2017-03-06 09:42 - 2017-03-06 09:42 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Mozilla
2017-03-06 08:58 - 2017-03-06 09:06 - 00000000 ____D C:\SUPERDelete
2017-03-06 08:49 - 2017-03-06 08:49 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\SUPERAntiSpyware.com
2017-03-06 08:48 - 2017-03-11 10:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-03-06 08:48 - 2017-03-06 08:48 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-03-06 08:48 - 2017-03-06 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-03-06 08:33 - 2017-03-11 16:33 - 00899257 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-06 08:33 - 2017-03-11 16:33 - 00124094 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-06 08:33 - 2017-03-09 14:27 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-06 08:33 - 2017-03-06 08:33 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-06 08:33 - 2017-03-06 08:33 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-06 08:28 - 2017-03-06 08:33 - 00000000 ____D C:\Users\Laurie\AppData\Local\Zemana
2017-03-06 08:28 - 2017-03-06 08:28 - 00000000 ____D C:\Users\Laurie\AppData\Local\AntiLogger Free
2017-03-06 08:28 - 2017-03-06 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2017-03-06 08:28 - 2017-03-06 08:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2017-03-06 08:28 - 2017-03-06 08:28 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2017-03-06 08:28 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2017-03-06 08:21 - 2017-03-06 08:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-06 08:21 - 2017-03-06 08:21 - 00000000 ____D C:\Program Files\MSBuild
2017-03-06 08:21 - 2017-03-06 08:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-06 08:21 - 2017-03-06 08:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-06 08:21 - 2013-08-02 20:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-03-06 08:21 - 2013-08-02 20:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-03-06 08:21 - 2013-08-02 20:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-03-06 08:21 - 2013-08-02 20:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-03-06 08:21 - 2013-08-02 20:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-03-06 08:21 - 2013-08-02 20:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-03-06 08:20 - 2017-03-06 08:20 - 00003300 _____ C:\WINDOWS\System32\Tasks\{E26D348B-4A0F-4543-9916-5DA10FBAF541}
2017-03-06 07:59 - 2017-03-06 07:59 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-03-06 07:58 - 2017-03-06 07:59 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Logitech
2017-03-06 07:58 - 2017-03-06 07:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-03-06 07:58 - 2017-03-06 07:59 - 00000000 ____D C:\ProgramData\Logishrd
2017-03-06 07:58 - 2017-03-06 07:59 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-03-06 07:58 - 2017-03-06 07:58 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Logishrd
2017-03-06 07:58 - 2017-03-06 07:58 - 00000000 ____D C:\Program Files\Logitech
2017-03-06 07:52 - 2017-03-07 08:34 - 00002268 ____H C:\Users\Laurie\Documents\Default.rdp
2017-03-06 07:21 - 2017-03-06 07:20 - 00465536 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\ShortcutCleaner.exe
2017-03-06 07:08 - 2017-03-06 07:08 - 00602112 _____ (OldTimer Tools) C:\Users\Laurie\Desktop\OTL.exe
2017-03-06 07:03 - 2017-03-06 07:01 - 01153912 _____ (Emsi Software GmbH) C:\Users\Laurie\Desktop\DANGEROUS BlitzBlank.exe
2017-03-06 07:00 - 2017-03-11 11:24 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-06 06:59 - 2017-03-06 06:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-06 06:59 - 2017-03-06 06:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-06 06:58 - 2017-03-09 12:58 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-06 06:55 - 2017-03-06 06:49 - 04031440 _____ C:\Users\Laurie\Desktop\MB AdwCleaner.exe
2017-03-06 06:49 - 2017-03-11 11:08 - 00000000 ____D C:\AdwCleaner
2017-03-06 06:47 - 2017-03-06 06:48 - 00207088 _____ C:\TDSSKiller.3.1.0.12_06.03.2017_06.47.40_log.txt
2017-03-06 06:45 - 2017-03-04 14:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Laurie\Desktop\TDSkiller.exe
2017-03-06 06:44 - 2017-03-06 06:42 - 01663736 _____ (Malwarebytes) C:\Users\Laurie\Desktop\MB JunkWareRemovalTool.exe
2017-03-06 06:44 - 2017-03-04 15:15 - 15630496 _____ (McAfee Inc) C:\Users\Laurie\Desktop\Stinger32.exe
2017-03-06 06:44 - 2017-03-04 14:32 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\ListCWall.exe
2017-03-06 06:39 - 2017-03-11 08:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-03-06 06:39 - 2017-03-09 12:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-03-06 06:39 - 2017-03-06 06:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-03-06 06:37 - 2017-03-06 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-03-06 06:37 - 2017-03-06 06:41 - 00000000 ____D C:\ProgramData\InstallMate
2017-03-06 06:37 - 2017-03-06 06:40 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\WinPatrol
2017-03-06 06:37 - 2017-03-06 06:37 - 00000000 ____D C:\Program Files (x86)\Ruiware
2017-03-06 06:36 - 2017-03-06 06:59 - 00000000 ____D C:\ProgramData\Unchecky
2017-03-06 06:36 - 2017-03-06 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2017-03-06 06:35 - 2017-03-06 06:36 - 00000000 ____D C:\Program Files (x86)\Unchecky
2017-03-06 06:30 - 2017-03-09 12:53 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Opera Software
2017-03-06 06:30 - 2017-03-06 06:30 - 00003834 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1488810609
2017-03-06 06:30 - 2017-03-06 06:30 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-06 06:30 - 2017-03-06 06:30 - 00000000 ____D C:\Users\Laurie\AppData\Local\Opera Software
2017-03-06 06:29 - 2017-03-10 14:07 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-06 06:29 - 2017-03-06 06:30 - 00000000 ____D C:\Program Files\Opera
2017-03-06 06:28 - 2017-03-09 12:53 - 00000000 ____D C:\Users\Laurie\AppData\Local\Google
2017-03-06 06:28 - 2017-03-09 12:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-06 06:28 - 2017-03-06 06:28 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-06 06:28 - 2017-03-06 06:28 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-06 06:27 - 2017-03-11 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-06 06:27 - 2017-03-11 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-06 06:27 - 2017-03-06 06:27 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-05 16:15 - 2017-03-05 16:15 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Sun
2017-03-05 16:15 - 2017-03-05 16:15 - 00000000 ____D C:\Users\Laurie\AppData\LocalLow\Sun
2017-03-05 16:14 - 2017-03-05 16:15 - 00000000 ____D C:\ProgramData\Oracle
2017-03-05 16:02 - 2017-03-10 05:06 - 00000000 ____D C:\Program Files (x86)\stinger
2017-03-05 16:02 - 2017-03-05 16:02 - 00000000 ____D C:\Program Files\McAfee
2017-03-05 16:01 - 2017-03-05 16:06 - 00202854 _____ C:\TDSSKiller.3.1.0.12_05.03.2017_16.01.40_log.txt
2017-03-05 15:54 - 2017-03-05 15:54 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-05 15:53 - 2017-03-05 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-03-05 15:53 - 2017-03-05 15:53 - 00000000 ____D C:\Program Files (x86)\epson
2017-03-05 15:53 - 2015-12-04 00:00 - 00291328 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxuindd.dll
2017-03-05 15:53 - 2015-12-04 00:00 - 00262144 _____ (Seiko Epson Corporation) C:\WINDOWS\SysWOW64\esintdd.dll
2017-03-05 15:53 - 2012-08-08 00:00 - 00094208 _____ (Seiko Epson Corporation.) C:\WINDOWS\system32\esxw2_dd.dll
2017-03-05 15:53 - 2012-03-26 01:00 - 00065793 _____ C:\WINDOWS\system32\esfwdd.bin
2017-03-05 15:53 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2017-03-05 15:53 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2017-03-05 15:48 - 2017-03-09 14:13 - 00000000 ____D C:\Users\Laurie\AppData\Local\NVIDIA Corporation
2017-03-05 15:48 - 2017-02-23 10:32 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-03-05 15:48 - 2017-02-23 10:32 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-03-05 15:48 - 2017-02-23 10:32 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-03-05 15:48 - 2017-02-23 10:32 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-03-05 15:48 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-03-05 15:48 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-03-05 15:48 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-03-05 15:48 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-03-05 15:48 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-03-05 15:48 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-03-05 15:46 - 2017-03-05 15:46 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Macromedia
2017-03-05 15:42 - 2017-03-05 15:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-05 15:41 - 2017-03-05 15:41 - 00000000 ____D C:\Users\Laurie\AppData\Local\CEF
2017-03-05 15:39 - 2017-03-05 15:51 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-05 15:39 - 2017-03-05 15:39 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2017-03-05 15:38 - 2017-03-11 11:04 - 00000000 __SHD C:\Users\Laurie\IntelGraphicsProfiles
2017-03-05 15:38 - 2017-03-09 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-05 15:38 - 2017-03-05 15:38 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-03-05 15:38 - 2017-03-05 15:38 - 00000000 ____D C:\ProgramData\Dell
2017-03-05 15:31 - 2017-03-05 15:31 - 00000000 ____D C:\Users\Laurie\Downloads\Intel Components
2017-03-05 15:31 - 2017-03-05 15:31 - 00000000 ____D C:\ProgramData\IntelDLM
2017-03-05 15:30 - 2017-03-11 05:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 15:30 - 2017-03-05 15:34 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-03-05 15:30 - 2017-03-05 15:30 - 00003210 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-03-05 15:30 - 2017-03-05 15:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-03-05 15:30 - 2017-03-05 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-03-05 15:30 - 2017-03-05 15:30 - 00000000 ____D C:\ProgramData\Intel
2017-03-05 15:30 - 2017-03-05 15:30 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-03-05 15:30 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-03-05 15:25 - 2017-03-10 09:25 - 00000000 ____D C:\Users\Laurie\AppData\Local\ElevatedDiagnostics
2017-03-05 15:14 - 2017-03-05 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2017-03-05 15:14 - 2017-03-05 15:14 - 00000000 ____D C:\Program Files (x86)\Dell
2017-03-05 15:13 - 2017-03-05 15:13 - 00000000 ____D C:\Dell
2017-03-05 14:38 - 2017-03-10 05:15 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-03-05 14:38 - 2017-03-05 14:38 - 00000000 ____D C:\Users\Laurie\AppData\Local\Deployment
2017-03-05 14:38 - 2017-03-05 14:38 - 00000000 ____D C:\Users\Laurie\AppData\Local\Apps\2.0
2017-03-05 14:26 - 2017-03-05 14:26 - 00000067 _____ C:\WINDOWS\VSWizard.ini
2017-03-05 14:23 - 2016-12-29 04:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-05 14:23 - 2016-12-29 04:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-05 14:23 - 2016-12-29 04:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-05 14:23 - 2016-12-18 23:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-05 14:22 - 2017-03-10 04:59 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 14:22 - 2017-03-09 14:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-05 14:22 - 2017-03-09 14:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-05 14:22 - 2017-03-09 14:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-05 14:21 - 2017-03-05 15:38 - 00000000 ____D C:\Intel
2017-03-05 14:21 - 2017-03-05 15:30 - 00000000 ____D C:\Program Files\Intel
2017-03-05 14:21 - 2017-03-05 14:21 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-05 14:21 - 2015-08-09 04:50 - 00096752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-03-05 14:21 - 2015-08-09 04:50 - 00092648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-03-05 14:20 - 2017-03-11 16:02 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1931429792-2692941331-1152111688-1001
2017-03-05 14:18 - 2017-03-11 11:05 - 00000000 ___DO C:\Users\Laurie\OneDrive
2017-03-05 14:16 - 2017-03-11 13:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-05 14:15 - 2017-03-11 15:57 - 00000000 ____D C:\Users\Laurie\AppData\Local\Packages
2017-03-05 14:15 - 2017-03-11 15:01 - 00000000 ____D C:\Users\Laurie
2017-03-05 14:15 - 2017-03-09 09:27 - 00000000 ____D C:\Users\Laurie\AppData\Roaming\Adobe
2017-03-05 14:15 - 2017-03-05 14:15 - 00001446 _____ C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-05 14:15 - 2017-03-05 14:15 - 00000020 ___SH C:\Users\Laurie\ntuser.ini
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 _SHDL C:\Users\Laurie\My Documents
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 _SHDL C:\Users\Laurie\Documents\My Videos
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 _SHDL C:\Users\Laurie\Documents\My Pictures
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 _SHDL C:\Users\Laurie\Documents\My Music
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-03-05 14:15 - 2017-03-05 14:15 - 00000000 ____D C:\Users\Laurie\AppData\Local\VirtualStore
2017-03-05 14:15 - 2014-11-21 00:52 - 00000369 _____ C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-03-05 14:15 - 2014-11-21 00:52 - 00000369 _____ C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 15:57 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 13:08 - 2013-08-22 07:36 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-11 11:11 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 11:11 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-11 11:04 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 11:02 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-11 00:12 - 2013-08-22 07:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-10 10:07 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-03-10 06:48 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 14:47 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-03-09 12:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-03-09 12:58 - 2014-11-21 00:25 - 00000000 ____D C:\WINDOWS\ShellNew
2017-03-09 12:58 - 2014-11-21 00:25 - 00000000 ____D C:\Program Files\Windows Journal
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 __RSD C:\WINDOWS\Media
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-09 12:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-09 12:58 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-09 12:54 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-09 12:54 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-09 12:54 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\registration
2017-03-07 15:50 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-03-07 10:39 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-06 14:59 - 2016-03-11 14:53 - 00380928 _____ C:\Users\Laurie\Desktop\gImIeIr.exe
2017-03-06 07:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-05 15:43 - 2013-08-22 06:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-05 15:39 - 2013-08-22 07:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2017-03-05 15:35 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-05 15:34 - 2014-11-21 01:17 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpdsvc.dll
2017-03-05 15:34 - 2014-11-21 01:17 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmon.dll
2017-03-05 15:34 - 2013-08-22 03:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2017-03-05 15:34 - 2013-08-22 03:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2017-03-05 15:34 - 2013-08-22 03:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprhelp.dll
2017-03-05 15:34 - 2013-08-22 03:31 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2017-03-05 15:34 - 2013-08-22 03:31 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2017-03-05 15:34 - 2013-08-22 03:31 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2017-03-05 15:34 - 2013-08-22 03:31 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2017-03-05 15:34 - 2013-08-22 03:31 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmonui.dll
2017-03-05 15:34 - 2013-08-22 03:31 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpr.exe
2017-03-05 15:34 - 2013-08-22 03:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpq.exe
2017-03-05 15:34 - 2013-08-22 03:27 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2017-03-05 15:34 - 2013-08-22 03:20 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2017-03-05 15:34 - 2013-08-22 02:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2017-03-05 15:34 - 2013-08-21 22:58 - 00107882 _____ C:\WINDOWS\system32\mib_ii.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00048593 _____ C:\WINDOWS\system32\hostmib.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00034317 _____ C:\WINDOWS\system32\msiprip2.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00030448 _____ C:\WINDOWS\system32\mcastmib.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00026236 _____ C:\WINDOWS\system32\wins.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00026100 _____ C:\WINDOWS\system32\lmmib2.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00022462 _____ C:\WINDOWS\system32\rfc2571.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00021271 _____ C:\WINDOWS\system32\http.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00015799 _____ C:\WINDOWS\system32\ipforwd.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00015032 _____ C:\WINDOWS\system32\authserv.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00014032 _____ C:\WINDOWS\system32\accserv.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00013767 _____ C:\WINDOWS\system32\msipbtp.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00006179 _____ C:\WINDOWS\system32\ftp.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00004597 _____ C:\WINDOWS\system32\dhcp.mib
2017-03-05 15:34 - 2013-08-21 22:58 - 00004411 _____ C:\WINDOWS\system32\smi.mib
2017-03-05 15:34 - 2013-08-21 20:05 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2017-03-05 15:34 - 2013-08-21 20:04 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2017-03-05 15:34 - 2013-08-21 20:03 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2017-03-05 15:34 - 2013-08-21 20:03 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2017-03-05 15:34 - 2013-08-21 20:02 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2017-03-05 15:34 - 2013-08-21 20:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2017-03-05 15:34 - 2013-08-21 19:53 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2017-03-05 15:34 - 2013-08-21 19:15 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2017-03-05 15:34 - 2013-08-21 15:53 - 00107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00026236 _____ C:\WINDOWS\SysWOW64\wins.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00021271 _____ C:\WINDOWS\SysWOW64\http.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
2017-03-05 15:34 - 2013-08-21 15:53 - 00004411 _____ C:\WINDOWS\SysWOW64\smi.mib
2017-03-05 14:23 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Help
2017-03-05 14:14 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2017-03-09 09:20 - 2016-07-19 11:49 - 0000132 _____ () C:\Users\Laurie\AppData\Roaming\Adobe GIF Format CS6 Prefs
2017-03-09 09:07 - 2017-02-24 10:39 - 0000132 _____ () C:\Users\Laurie\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-09 08:50 - 2016-02-05 07:46 - 0001456 _____ () C:\Users\Laurie\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
2017-03-11 11:24 - 2014-11-21 01:15 - 1733952 _____ (Microsoft Corporation) C:\Users\Laurie\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 15:40

==================== End of FRST.txt ============================


Edited by vitesselt, 12 March 2017 - 11:32 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,136 posts
  • Gender:Male
  • Location:California
  • Local time:10:47 PM

Posted 16 March 2017 - 07:56 PM

Greetings vitesselt and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I do not see any evidence of malicious software on your computer. However, do you recognize this Internet Service Provider?

208.67.220.220 - Hong Kong Hong Kong Opendns Llc

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 19 March 2017 - 08:20 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 21 March 2017 - 09:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Gary
 



