Windows 7 explorer making lots of TCP/IP connections


  • This topic is locked
5 replies to this topic

#1 Garbanzo

  • Members
  • 3 posts

Posted 08 April 2017 - 03:48 PM

Hi,

My computer seems to work normally, but when I use Windows Resource Monitor to view the network activity I see that Windows Explorer opens many TCP/IP connections. Most of these have no characters in the name, just IP addresses; a few have names such as server2.thegameraccess.com, amazonaws.com and reverse.admeta.com. Clearly Explorer should not be doing this. I ran Malwarebytes Anti-Malware and Avira, and although Avira said it found a number of issues, the Explorer problem did not go away when I restarted the PC. Avira reported a clean system the next time I ran it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Admin (administrator) on HYPERION42 (08-04-2017 13:29:20)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & User1 & User2 & User3 & Test & Common)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.8\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.8\GoogleCrashHandler64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Kenny Kerr Software) C:\Program Files (x86)\Window Clippings 3\wc.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390728 2010-12-06] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5542168 2010-12-06] (Acronis)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-07-04] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265096 2013-06-19] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61936 2017-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [Window Clippings] => C:\Program Files (x86)\Window Clippings 3\wc.exe [668528 2010-11-26] (Kenny Kerr Software)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\dcd353-70e355-fc8b2744-4a6ae2-13c0.rs" <===== ATTENTION
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\dcd353-70e355-fc8b2744-4a6ae2-13c0.rs" <===== ATTENTION
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\fdf335-b6f336-8da22012-6afcb2-d1c0.rs" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\fdf335-b6f336-8da22012-6afcb2-d1c0.rs" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-06-10]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk [2011-03-25]
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\Admin\AppData\Local\Temp\{F0439921-4B72-4FD2-BCD6-1C26B009D88C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{596622BE-CC38-40E3-BB3E-B68EBCCF4140}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{B8A6F00F-3910-40EA-A87D-397D4D8F9041}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D479965D-8A02-4520-859C-0C1717A73719}: [DhcpNameServer] 10.8.16.1

Internet Explorer:
==================
HKU\S-1-5-21-613483892-1031195866-154768181-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5573492F-0E91-4FDE-8AD3-33EC6D8C367D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {69DD4971-CDDF-4601-B9DE-9CE89700485F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {DC5F0553-A2E1-49F4-B320-5E235BC2865A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5573492F-0E91-4FDE-8AD3-33EC6D8C367D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {69DD4971-CDDF-4601-B9DE-9CE89700485F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {DC5F0553-A2E1-49F4-B320-5E235BC2865A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-613483892-1031195866-154768181-1001 -> DefaultScope {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-613483892-1031195866-154768181-1001 -> {5573492F-0E91-4FDE-8AD3-33EC6D8C367D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-613483892-1031195866-154768181-1001 -> {576CF339-F44E-4CB8-8EE4-F388937DBF49} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-613483892-1031195866-154768181-1001 -> {69DD4971-CDDF-4601-B9DE-9CE89700485F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-613483892-1031195866-154768181-1001 -> {DC5F0553-A2E1-49F4-B320-5E235BC2865A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-06-03] (Sun Microsystems, Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\FGAMbtUi.default [not found]
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-03-09] (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-613483892-1031195866-154768181-1001: @nsroblox.roblox.com/launcher -> C:\Users\Admin\AppData\Local\Roblox\Versions\version-7d9c06d298534e0c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-613483892-1031195866-154768181-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Admin\AppData\Local\Roblox\Versions\version-7d9c06d298534e0c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-613483892-1031195866-154768181-1001: SkypePlugin -> C:\Users\Admin\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi.dll [2015-09-14] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-613483892-1031195866-154768181-1001: SkypePlugin64 -> C:\Users\Admin\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi-x64.dll [2015-09-14] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Disconnect) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-06]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-06-10] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-03-23] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 disconnect-openvpn; C:\Users\Admin\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-03-21] (Avira Operations GmbH & Co. KG)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [25160 2011-12-17] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2015-04-25] () [File not signed]
U3 Unrpstnwete; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
U3 Unrpstnwete; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
U3 avrdkwpr; C:\Windows\System32\Drivers\avrdkwpr.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 13:29 - 2017-04-08 13:29 - 00023571 _____ C:\Users\Admin\Downloads\FRST.txt
2017-04-08 13:29 - 2017-04-08 13:29 - 00000000 ____D C:\FRST
2017-04-08 13:28 - 2017-04-08 13:28 - 02424832 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-04-08 00:57 - 2017-04-08 00:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2017-04-08 00:56 - 2017-04-08 00:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-04-08 00:55 - 2017-03-21 13:01 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-04-08 00:55 - 2017-03-21 13:01 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-04-08 00:55 - 2017-03-21 13:01 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-04-08 00:55 - 2017-03-21 13:01 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-04-08 00:55 - 2017-03-21 13:01 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-04-08 00:53 - 2017-04-08 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-08 00:53 - 2017-04-08 00:55 - 00000000 ____D C:\ProgramData\Avira
2017-04-08 00:53 - 2017-04-08 00:55 - 00000000 ____D C:\Program Files (x86)\Avira
2017-04-08 00:53 - 2017-04-08 00:53 - 00001204 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-04-08 00:53 - 2017-04-08 00:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2017-04-08 00:42 - 2017-04-08 00:42 - 04740352 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin\Downloads\avira_en_av_58e8945163384__ws.exe
2017-04-08 00:35 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170408-003522.backup
2017-04-07 21:39 - 2017-04-07 21:41 - 631076890 _____ C:\Users\Admin\Desktop\junk.zip
2017-04-06 20:30 - 2017-04-06 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-06 20:30 - 2017-04-06 20:30 - 00000000 ____D C:\Program Files\iTunes
2017-04-06 20:30 - 2017-04-06 20:30 - 00000000 ____D C:\Program Files\iPod
2017-04-06 20:29 - 2017-04-06 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-04-06 20:29 - 2017-04-06 20:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-06 20:25 - 2017-04-06 20:27 - 257659208 _____ (Apple Inc.) C:\Users\Admin\Downloads\iTunes64Setup.exe
2017-04-06 20:17 - 2017-04-06 20:29 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-06 20:17 - 2017-04-06 20:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-05 17:19 - 2017-04-05 17:59 - 00000160 _____ C:\Users\Admin\Desktop\EH-ipad.txt
2017-04-03 23:01 - 2017-04-03 23:01 - 00094334 _____ C:\Users\Admin\Desktop\MumsInternet.pdf
2017-04-02 13:12 - 2017-04-02 13:12 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2017-04-02 13:12 - 2017-04-02 13:12 - 00000000 ____D C:\Users\Admin\AppData\Local\TomTom
2017-04-02 13:12 - 2017-04-02 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2017-04-02 13:12 - 2017-04-02 13:12 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2017-04-02 13:12 - 2017-04-02 13:12 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2017-03-20 21:27 - 2017-03-20 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-20 21:26 - 2017-03-20 21:26 - 00003032 _____ C:\Windows\System32\Tasks\{E7696337-0F8E-40AA-9A64-C02F33C65744}
2017-03-15 07:10 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 07:10 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 07:10 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 07:10 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 07:10 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 07:10 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 07:10 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 07:10 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 07:10 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 07:10 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 07:10 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 07:10 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 07:10 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 07:10 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 07:10 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 07:10 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 07:10 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 07:10 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 07:10 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 07:10 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 07:10 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 07:10 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 07:10 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 07:10 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 07:10 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 07:10 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 07:10 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 07:10 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 07:10 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 07:10 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 07:10 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 07:10 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 07:10 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 07:10 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 07:10 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 07:10 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 07:10 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 07:10 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 07:10 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 07:10 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 07:10 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 07:10 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 07:10 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 07:10 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 07:10 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 07:10 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 07:10 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 07:10 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 07:10 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 07:10 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 07:10 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 07:10 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 07:10 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 07:10 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 07:10 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 07:10 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 07:10 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 07:10 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 07:10 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 07:10 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 07:10 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 07:10 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 07:10 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 07:10 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 07:10 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 07:10 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 07:10 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 07:10 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 07:10 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 07:10 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 07:10 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 07:10 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 07:10 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 07:10 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 07:10 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 07:10 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 07:10 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 07:10 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 07:10 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 07:10 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 07:10 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 07:10 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 07:10 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 07:10 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 07:10 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 07:10 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 07:10 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 07:10 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 07:10 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 07:10 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 07:10 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 07:10 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 07:10 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 07:10 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 07:10 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 07:10 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 07:10 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 07:10 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 07:10 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 07:10 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 07:10 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 07:10 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 07:10 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 07:10 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 07:10 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 07:10 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 07:10 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 07:10 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 07:10 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 07:10 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 07:10 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 07:10 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 07:10 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 07:10 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 07:10 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 07:10 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 07:10 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 07:10 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 07:10 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 07:10 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 07:10 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 07:10 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 07:10 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 07:10 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 13:24 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-08 13:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-08 13:23 - 2015-09-17 01:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-04-08 12:58 - 2009-07-13 21:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-08 12:58 - 2009-07-13 21:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-08 12:50 - 2016-03-06 00:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-04-08 12:50 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 12:38 - 2011-01-14 23:10 - 00000000 ____D C:\Temp
2017-04-08 11:41 - 2010-11-02 20:53 - 02936327 ____H C:\Users\Admin\AppData\Local\IconCache.db.backup
2017-04-08 11:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2017-04-08 00:53 - 2016-03-06 00:38 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-07 23:30 - 2015-03-11 22:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-07 22:22 - 2010-11-02 23:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2017-04-07 22:22 - 2010-07-15 13:45 - 00000000 ____D C:\ProgramData\Adobe
2017-04-07 20:31 - 2016-03-01 00:38 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Adblock Plus for IE
2017-04-06 20:30 - 2017-01-07 20:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2017-04-06 20:17 - 2015-09-26 16:46 - 00000000 ____D C:\ProgramData\Apple
2017-04-05 17:23 - 2014-10-25 12:51 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 17:23 - 2014-10-25 12:51 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 17:17 - 2013-05-12 13:20 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-05 17:17 - 2013-05-12 13:20 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 16:23 - 2013-07-07 18:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-04-04 22:59 - 2016-02-07 00:37 - 00000000 ___RD C:\Users\Admin\Dropbox
2017-03-30 09:13 - 2013-05-05 15:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-03-30 01:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-25 18:53 - 2010-11-07 01:36 - 00000034 _____ C:\Windows\SysWOW64\BD7040.DAT
2017-03-20 21:28 - 2010-07-15 13:44 - 00000000 ____D C:\ProgramData\Skype
2017-03-20 21:27 - 2016-01-13 12:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-20 21:27 - 2015-09-18 20:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-16 04:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-03-16 03:40 - 2013-03-14 13:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-16 03:40 - 2013-03-14 13:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-16 03:40 - 2009-07-13 21:45 - 00535928 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 03:39 - 2014-12-11 04:16 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 03:39 - 2014-04-30 17:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 03:39 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 03:24 - 2013-08-15 14:16 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 03:03 - 2010-11-24 22:08 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 03:02 - 2013-03-14 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-10 21:22 - 2015-11-04 00:31 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-03-10 01:15 - 2012-06-30 13:51 - 00000000 ____D C:\Users\Admin\Documents\Administrative
2017-03-10 01:02 - 2010-11-12 20:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2016-02-22 23:24 - 2016-02-22 23:24 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-15 02:04 - 2017-02-11 23:57 - 0007653 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-09-03 20:11 - 2014-09-03 20:11 - 0000000 _____ () C:\Users\Admin\AppData\Local\{0928C1DD-7513-44EF-ACD7-09A67E16D408}
2011-12-08 21:38 - 2011-12-08 21:43 - 0011170 ___SH () C:\ProgramData\704011v5a377x666m500h7gxo7i8
2010-09-22 14:43 - 2010-09-22 14:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-15 14:11 - 2010-07-15 14:12 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-09-22 14:43 - 2010-09-22 14:43 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-15 14:07 - 2010-07-15 14:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-22 14:42 - 2010-09-22 14:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-09-22 14:43 - 2010-09-22 14:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-15 14:06 - 2010-07-15 14:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-15 14:07 - 2010-07-15 14:11 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-09-22 14:43 - 2010-09-22 14:44 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\User3\KochMorseTrainer.exe
C:\Users\User3\Uninstal.exe

Some files in TEMP:
====================
2011-12-02 15:51 - 2010-04-06 12:04 - 1180952 _____ (DivX, Inc. ) C:\Users\User1\AppData\Local\Temp\DivXSetup.exe
2011-12-08 22:03 - 2011-12-08 22:03 - 3800224 ___SH (Adobe Systems, Inc.) C:\Users\User1\AppData\Local\Temp\InstallFlashPlayer.exe
2011-08-24 12:35 - 2013-03-24 18:45 - 0012305 _____ () C:\Users\User1\AppData\Local\Temp\SIntf16.dll
2011-08-24 12:35 - 2013-03-24 18:45 - 0020016 _____ () C:\Users\User1\AppData\Local\Temp\SIntf32.dll
2011-08-24 12:35 - 2013-03-24 18:45 - 0024744 _____ () C:\Users\User1\AppData\Local\Temp\SIntfNT.dll
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_is6A77.exe
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_is8FFA.exe
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_isAD42.exe
2012-11-22 13:10 - 2013-03-03 18:47 - 0012305 _____ () C:\Users\Common\AppData\Local\Temp\SIntf16.dll
2012-11-22 13:10 - 2013-03-03 18:47 - 0020016 _____ () C:\Users\Common\AppData\Local\Temp\SIntf32.dll
2012-11-22 13:10 - 2013-03-03 18:47 - 0024744 _____ () C:\Users\Common\AppData\Local\Temp\SIntfNT.dll
2011-07-09 09:56 - 2010-04-06 12:04 - 1180952 _____ (DivX, Inc. ) C:\Users\Test\AppData\Local\Temp\DivXSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 00:54

==================== End of FRST.txt ============================


#2 JSntgRvr (Master Surgeon General, Malware Response Team, 11,635 posts, Puerto Rico)

Posted 08 April 2017 - 07:18 PM

Welcome. :)

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner. You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found; above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Garbanzo (Topic Starter, Members, 3 posts)

Posted 08 April 2017 - 10:05 PM

Hi,

Thank you so much for replying. I have followed the instructions above and I have to say that now Windows Resource Monitor does not show Explorer as having any network activity at all! I can't say how good that makes me feel. Thank you. The requested logs are below. Assuming that the issue is fixed could you please let me know how nasty it was and exactly which item in the logs represents the fix of the problem? I guess I should change a bunch of passwords at this point!

Best Regards,

Garbanzo


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Admin (08-04-2017 19:21:45) Run:1
Running from C:\Users\Admin\Downloads\BleepingComputer
Loaded Profiles: Admin (Available Profiles: Admin & User1 & User2 & User3 & Test & Common)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\dcd353-70e355-fc8b2744-4a6ae2-13c0.rs" <===== ATTENTION
HKU\S-1-5-21-613483892-1031195866-154768181-1001\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\dcd353-70e355-fc8b2744-4a6ae2-13c0.rs" <===== ATTENTION
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\fdf335-b6f336-8da22012-6afcb2-d1c0.rs" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\fdf335-b6f336-8da22012-6afcb2-d1c0.rs" <===== ATTENTION
U3 avrdkwpr; C:\Windows\System32\Drivers\avrdkwpr.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
Task: {44E142E5-8809-407A-A2DC-9C1860CF4E51} - System32\Tasks\win403750 => \\.\globalroot\Device\HarddiskVolume2\Users\User1\AppData\Local\Temp\win403750.dat  <==== ATTENTION
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\Admin\AppData\Local\Temp\{F0439921-4B72-4FD2-BCD6-1C26B009D88C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\Admin\AppData\Local\Temp\{F0439921-4B72-4FD2-BCD6-1C26B009D88C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
2011-12-02 15:51 - 2010-04-06 12:04 - 1180952 _____ (DivX, Inc. ) C:\Users\User1\AppData\Local\Temp\DivXSetup.exe
2011-12-08 22:03 - 2011-12-08 22:03 - 3800224 ___SH (Adobe Systems, Inc.) C:\Users\User1\AppData\Local\Temp\InstallFlashPlayer.exe
2011-08-24 12:35 - 2013-03-24 18:45 - 0012305 _____ () C:\Users\User1\AppData\Local\Temp\SIntf16.dll
2011-08-24 12:35 - 2013-03-24 18:45 - 0020016 _____ () C:\Users\User1\AppData\Local\Temp\SIntf32.dll
2011-08-24 12:35 - 2013-03-24 18:45 - 0024744 _____ () C:\Users\User1\AppData\Local\Temp\SIntfNT.dll
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_is6A77.exe
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_is8FFA.exe
2007-01-20 05:46 - 2007-01-20 05:46 - 0455600 ____R (Macrovision Corporation) C:\Users\User1\AppData\Local\Temp\_isAD42.exe
2012-11-22 13:10 - 2013-03-03 18:47 - 0012305 _____ () C:\Users\Common\AppData\Local\Temp\SIntf16.dll
2012-11-22 13:10 - 2013-03-03 18:47 - 0020016 _____ () C:\Users\Common\AppData\Local\Temp\SIntf32.dll
2012-11-22 13:10 - 2013-03-03 18:47 - 0024744 _____ () C:\Users\Common\AppData\Local\Temp\SIntfNT.dll
2011-07-09 09:56 - 2010-04-06 12:04 - 1180952 _____ (DivX, Inc. ) C:\Users\Test\AppData\Local\Temp\DivXSetup.exe
Task: {44E142E5-8809-407A-A2DC-9C1860CF4E51} - System32\Tasks\win403750 => \\.\globalroot\Device\HarddiskVolume2\Users\User1\AppData\Local\Temp\win403750.dat  <==== ATTENTION
Folder: C:\Users\Admin\AppData\Roaming\Microsoft\Protect
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKU\S-1-5-21-613483892-1031195866-154768181-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-21-613483892-1031195866-154768181-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
HKLM\System\CurrentControlSet\Services\avrdkwpr => key removed successfully
avrdkwpr => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44E142E5-8809-407A-A2DC-9C1860CF4E51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44E142E5-8809-407A-A2DC-9C1860CF4E51} => key removed successfully
C:\Windows\System32\Tasks\win403750 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win403750 => key removed successfully
C:\Users\Admin\AppData\Local\Temp\{F0439921-4B72-4FD2-BCD6-1C26B009D88C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe => not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Admin\AppData\Local\Temp\{F0439921-4B72-4FD2-BCD6-1C26B009D88C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe => not found.
"C:\Users\User1\AppData\Local\Temp\DivXSetup.exe" => not found.
"C:\Users\User1\AppData\Local\Temp\InstallFlashPlayer.exe" => not found.
"C:\Users\User1\AppData\Local\Temp\SIntf16.dll" => not found.
"C:\Users\User1\AppData\Local\Temp\SIntf32.dll" => not found.
"C:\Users\User1\AppData\Local\Temp\SIntfNT.dll" => not found.
"C:\Users\User1\AppData\Local\Temp\_is6A77.exe" => not found.
"C:\Users\User1\AppData\Local\Temp\_is8FFA.exe" => not found.
"C:\Users\User1\AppData\Local\Temp\_isAD42.exe" => not found.
C:\Users\Common\AppData\Local\Temp\SIntf16.dll => moved successfully
C:\Users\Common\AppData\Local\Temp\SIntf32.dll => moved successfully
C:\Users\Common\AppData\Local\Temp\SIntfNT.dll => moved successfully
C:\Users\Test\AppData\Local\Temp\DivXSetup.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44E142E5-8809-407A-A2DC-9C1860CF4E51} => key not found.
C:\Windows\System32\Tasks\win403750 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win403750 => key not found.

========================= Folder: C:\Users\Admin\AppData\Roaming\Microsoft\Protect ========================

not found.

====== End of Folder: ======

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{30C7C8DA-BC0A-4EA6-B4B3-A5DAF88697CF} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35771392 B
Java, Flash, Steam htmlcache => 65138 B
Windows/system/drivers => 258473323 B
Edge => 0 B
Chrome => 559116567 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42337801 B
systemprofile32 => 81292 B
LocalService => 132244 B
NetworkService => 1618100 B
Admin => 91885835 B
User1 => 1229081242 B
User2 => 352908322 B
User3 => 610879301 B
Test => 254879913 B
Common => 1881348446 B

RecycleBin => 0 B
EmptyTemp: => 5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:23:49 ====


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Admin (Administrator) on Sat 04/08/2017 at 19:37:50.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 11

Failed to delete: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DLDBHO1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RLDMZR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6FZWP4G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7GH1FXD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ99T52T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DLDBHO1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RLDMZR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6FZWP4G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7GH1FXD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ99T52T (Temporary Internet Files Folder)


Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC5F0553-A2E1-49F4-B320-5E235BC2865A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{DC5F0553-A2E1-49F4-B320-5E235BC2865A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/08/2017 at 19:40:36.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v6.045 - Logfile created 08/04/2017 at 19:47:13
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-06.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Admin - HYPERION42
# Running from : C:\Users\Admin\Desktop\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC5F0553-A2E1-49F4-B320-5E235BC2865A}
Value Found:  HKU\S-1-5-21-613483892-1031195866-154768181-1001\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
Value Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
Value Found:  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [WinResSync]
Value Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
Value Found:  [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [WinResSync]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1747 Bytes] - [08/04/2017 19:47:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1820 Bytes] ##########
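The fixlist in the Fixlog above shows the three entries FRST flagged with ATTENTION: a Run/RunOnce value that launches regsvr32 /s on a .rs file stored in the user's DPAPI Protect folder, a zero-byte driver (avrdkwpr.sys), and a scheduled task whose target sits in a user's Temp folder behind a \\.\globalroot device path. As an added example that is not part of the thread and not FRST's own code, here is a small Python triage script that reads FRST-style Run/RunOnce, driver and Task lines and flags exactly those patterns; the sample log lines are constructed to mirror the thread's entries plus two benign ones.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name reason")

# Line shapes FRST uses for Run/RunOnce values, drivers and scheduled tasks.
RUN_RE = re.compile(r'^HK\S*\\(Run|RunOnce): \[([^\]]*)\] => (.*)$')
DRIVER_RE = re.compile(r'^([SRU]\d) (\S+); (.*?) \[(\d+)')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (\S+) => (.*)$')
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)
TEMP_RE = re.compile(r'\\Temp\\', re.I)
LOADABLE_EXT = {".dll", ".ocx"}   # what regsvr32 is normally asked to register

# Constructed sample: the thread's three flagged entries plus two benign ones.
SAMPLE_LOG = r"""
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\fdf335-b6f336-8da22012-6afcb2-d1c0.rs" <===== ATTENTION
HKLM\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
U3 avrdkwpr; C:\Windows\System32\Drivers\avrdkwpr.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [99840 2010-11-20] (Microsoft Corporation)
Task: {44E142E5-8809-407A-A2DC-9C1860CF4E51} - System32\Tasks\win403750 => \\.\globalroot\Device\HarddiskVolume2\Users\User1\AppData\Local\Temp\win403750.dat  <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""


def regsvr32_target(cmd):
    """Return the file regsvr32 is asked to register (quoted arg or last token)."""
    m = re.search(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[-1]


def triage(log_text):
    """Return a Finding for every line that matches one of the suspicious patterns."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.split(" <==")[0].strip()   # drop FRST's own ATTENTION marker
        if m := RUN_RE.match(line):
            key, name, cmd = m.groups()
            if "regsvr32" in cmd.lower():
                target = regsvr32_target(cmd)
                ext = ntpath.splitext(target)[1].lower()
                reasons = []
                if ext not in LOADABLE_EXT:
                    reasons.append(f"regsvr32 loading a {ext or 'extension-less'} file")
                if USER_PROFILE_RE.search(target):
                    reasons.append("payload stored under a user profile")
                if reasons:
                    findings.append(Finding(key, name, "; ".join(reasons)))
        elif m := DRIVER_RE.match(line):
            _start, name, path, size = m.groups()
            if int(size) == 0:   # a zero-byte .sys cannot be a legitimate driver
                findings.append(Finding("Driver", name, f"zero-byte driver file {path}"))
        elif m := TASK_RE.match(line):
            task, target = m.groups()
            if target.lower().startswith(r"\\.\globalroot"):
                findings.append(Finding("Task", task, r"target uses a \\.\globalroot device path"))
            elif TEMP_RE.search(target):
                findings.append(Finding("Task", task, "target runs from a Temp folder"))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run against a real FRST.txt by passing its contents to triage(); the script only reads text and never touches the registry or the files it names.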



#4 JSntgRvr (Master Surgeon General, Malware Response Team, 11,635 posts, Puerto Rico)

Posted 09 April 2017 - 09:01 AM

I believe it was an entry detected by Malwarebytes as Trojan.Agent.TPL. Typically viruses, spyware, adware and "resource hogs". I wouldn't worry much at this time. Just keep an eye on your accounts.

You must re-run AdwCleaner and after the scan, click on the Clean button.

I am glad the situation has been resolved. Make sure your antivirus is always active and updated.

Best wishes. :hello:



#5 Garbanzo (Topic Starter, Members, 3 posts)

Posted 09 April 2017 - 02:05 PM

Hi,

Thank you again. Still no TCP/IP connections from Explorer :)

AdwCleaner reported no issues on rerun.

Best Regards,

Garbanzo



#6 JSntgRvr (Master Surgeon General, Malware Response Team, 11,635 posts, Puerto Rico)

Posted 10 April 2017 - 10:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
