
Browser hijack?


This topic is locked
7 replies to this topic

#1 rRaiseRr


Posted 13 April 2017 - 09:05 AM

On this PC, every time you go to a website and click on a link you get redirected to pwwysydh.com. I have googled this and all the sites are just recommending SpyHunter, but I seem to remember that being malware itself.

 
Now, what I have tried with no success:
Windows Defender
MBAM
MBAR
TDSSKiller
RogueKiller
Zemana Anti-Malware
 
I'm stuck now and have no idea how to remove this. I have also checked the following:
 
hosts file - default
chrome extensions - none installed
IE Add-Ons - none installed
 
Any help would be much appreciated!
 
FRST logs below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by  (administrator) on  (13-04-2017 14:58:01)
Running from C:\Users\sw\Downloads
Loaded Profiles:
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Clean\SophosClean.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Health\Health.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Heartbeat\Heartbeat.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(TeamViewer GmbH) C:\Users\sd\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\ZohoMeeting\ZohoMeeting.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos UI\Sophos UI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos UI\Sophos UI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Users\sw\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\sd\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\sd\AppData\Local\Temp\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Users\sw\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-51511275-729317264-2496444198-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.4.28.1
Tcpip\..\Interfaces\{E1DAA529-E52F-4CD6-967C-A1A781AADCAA}: [DhcpNameServer] 10.4.28.1
 
Internet Explorer:
==================
HKU\S-1-5-21-51511275-729317264-2496444198-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-51511275-729317264-2496444198-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-51511275-729317264-2496444198-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-51511275-729317264-2496444198-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-51511275-729317264-2496444198-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-51511275-729317264-2496444198-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-51511275-729317264-2496444198-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0C19610D-E802-4362-8139-3A9068CD541D} hxxp://v21.easy-sell.co.uk/CABS/EasysellWeb21.exe
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\sw\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Google Slides) - C:\Users\sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-13]
CHR Extension: (Google Docs) - C:\Users\sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-13]
CHR Extension: (Google Sheets) - C:\Users\sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-13]
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3468744 2017-01-20] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2016-12-13] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2016-12-13] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2016-12-13] (Bitdefender)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5010216 2017-02-07] (SurfRight B.V.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2017-04-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509416 2017-04-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925832 2016-10-19] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [760672 2017-02-01] (Sophos Limited)
R2 Sophos Clean Service; C:\Program Files\Sophos\Clean\SophosClean.exe [11758592 2016-09-12] (Sophos Limited)
R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\Health.exe [1704088 2016-09-12] (Sophos Limited)
R2 Sophos Heartbeat; C:\Program Files (x86)\Sophos\Heartbeat\Heartbeat.exe [2434912 2016-10-17] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-11-23] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2016-11-23] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
R2 TeamViewer9; c:\users\sd\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe [4598080 2014-03-25] (TeamViewer GmbH) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
R2 Zoho Assist-Remote Support; C:\Program Files (x86)\ZohoMeeting\ZohoMeeting.exe [764536 2016-08-09] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [109272 2017-02-22] (BitDefender LLC)
R1 Bdfndisf; c:\windows\system32\drivers\bdfndisf6.sys [114840 2016-12-15] (BitDefender LLC)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [131520 2016-12-12] ()
R0 bdupflt; C:\Windows\System32\DRIVERS\bdupflt.sys [57544 2015-10-06] (Bitdefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-02-22] (BitDefender LLC)
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [274928 2017-03-22] (SurfRight B.V.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-09] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [638896 2012-03-09] (Intel Corporation)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-13] (Malwarebytes)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51280 2010-11-02] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\megasr1.sys [806696 2012-02-08] (LSI Corporation, Inc.)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [123848 2016-10-19] (Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2016-10-17] (Sophos Limited)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [442848 2017-02-22] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-04-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-04-13] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-13 14:39 - 2017-04-13 14:41 - 00000452 _____ C:\runcheck.txt
2017-04-13 14:38 - 2017-04-13 14:38 - 01309184 _____ C:\Users\sw\Downloads\zoek.exe
2017-04-13 14:38 - 2017-04-13 14:38 - 00000000 ____D C:\zoek_backup
2017-04-13 12:47 - 2017-04-13 13:00 - 00000000 ____D C:\Users\sw\Desktop\mbar
2017-04-13 12:47 - 2017-04-13 13:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-13 12:47 - 2017-04-13 12:47 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-13 12:44 - 2017-04-13 12:44 - 16564750 _____ (Malwarebytes Corp.) C:\Users\sw\Desktop\mbar-1.09.4.1001.exe
2017-04-13 12:43 - 2017-04-13 12:44 - 00030941 _____ C:\Users\sw\Downloads\Addition.txt
2017-04-13 12:42 - 2017-04-13 14:58 - 00016592 _____ C:\Users\sw\Downloads\FRST.txt
2017-04-13 12:42 - 2017-04-13 14:58 - 00000000 ____D C:\FRST
2017-04-13 12:42 - 2017-04-13 12:42 - 02424832 _____ (Farbar) C:\Users\sw\Downloads\FRST64.exe
2017-04-13 12:41 - 2017-04-13 12:41 - 01766912 _____ (Farbar) C:\Users\sw\Downloads\FRST.exe
2017-04-13 12:20 - 2017-04-13 12:20 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-13 12:19 - 2017-04-13 12:37 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-13 12:19 - 2017-04-13 12:19 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-13 12:19 - 2017-04-13 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-13 12:19 - 2017-04-13 12:19 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-13 12:14 - 2017-04-13 12:13 - 35207600 _____ (Adlice Software ) C:\Users\sw\Desktop\setup.exe
2017-04-13 12:09 - 2017-04-13 12:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\sw\Desktop\HijackThis.exe
2017-04-13 12:05 - 2017-04-13 12:05 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-13 12:05 - 2017-04-13 12:05 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-13 12:05 - 2017-04-13 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-13 12:05 - 2017-04-13 12:05 - 00000000 ____D C:\Program Files\CCleaner
2017-04-13 12:03 - 2017-04-13 12:02 - 09274608 _____ (Piriform Ltd) C:\Users\sw\Desktop\ccsetup528.exe
2017-04-13 12:01 - 2017-04-13 12:01 - 00001059 _____ C:\Users\sw\Desktop\Eusing Free Registry Cleaner.lnk
2017-04-13 12:01 - 2017-04-13 12:01 - 00001059 _____ C:\Users\sd\Desktop\Eusing Free Registry Cleaner.lnk
2017-04-13 12:01 - 2017-04-13 12:01 - 00001059 _____ C:\Users\Administrator\Desktop\Eusing Free Registry Cleaner.lnk
2017-04-13 12:01 - 2017-04-13 12:01 - 00000000 ____D C:\Users\sw\AppData\Roaming\Eusing
2017-04-13 12:01 - 2017-04-13 12:01 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2017-04-13 12:00 - 2017-04-13 12:00 - 00985017 _____ C:\Users\sw\Downloads\EFRCSetup.exe
2017-04-13 11:18 - 2017-04-13 11:18 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1492078714
2017-04-13 11:18 - 2017-04-13 11:18 - 00001093 _____ C:\Users\Public\Desktop\Opera.lnk
2017-04-13 11:18 - 2017-04-13 11:18 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-04-13 11:18 - 2017-04-13 11:18 - 00000000 ____D C:\Users\sw\AppData\Roaming\Opera Software
2017-04-13 11:18 - 2017-04-13 11:18 - 00000000 ____D C:\Users\sw\AppData\Local\Opera Software
2017-04-13 11:17 - 2017-04-13 11:17 - 01186088 _____ (Opera Software) C:\Users\sw\Downloads\OperaSetup.exe
2017-04-13 10:04 - 2017-04-13 10:05 - 05675600 _____ (TeamViewer) C:\Users\sw\Downloads\TeamViewerQS (1).exe
2017-04-13 09:53 - 2017-04-13 09:53 - 00002303 _____ C:\Users\Administrator\Desktop\ZHPCleaner.txt
2017-04-13 09:44 - 2017-04-13 09:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-04-13 09:44 - 2017-04-13 09:44 - 00000800 _____ C:\Users\Administrator\Desktop\ZHPCleaner.lnk
2017-04-13 09:44 - 2017-04-13 09:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-04-13 09:41 - 2017-04-13 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-04-13 09:34 - 2017-04-13 11:59 - 00002531 _____ C:\Users\sw\Desktop\ZHPCleaner.txt
2017-04-13 09:29 - 2017-04-13 11:59 - 00000000 ____D C:\Users\sw\AppData\Roaming\ZHP
2017-04-13 09:29 - 2017-04-13 11:53 - 00000000 ____D C:\Users\sw\AppData\Local\ZHP
2017-04-13 09:29 - 2017-04-13 09:44 - 00001119 _____ C:\Users\sw\Desktop\ZHPCleaner.lnk
2017-04-13 09:28 - 2017-04-13 09:28 - 02760704 _____ C:\Users\sw\Desktop\ZHPCleaner.exe
2017-04-13 09:16 - 2017-04-13 14:58 - 01395706 _____ C:\Windows\ZAM.krnl.trace
2017-04-13 09:16 - 2017-04-13 14:58 - 00216374 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-04-13 09:16 - 2017-04-13 09:16 - 05774688 _____ (Zemana Ltd. ) C:\Users\sw\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-13 09:16 - 2017-04-13 09:16 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-04-13 09:16 - 2017-04-13 09:16 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-04-13 09:16 - 2017-04-13 09:16 - 00001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-04-13 09:16 - 2017-04-13 09:16 - 00000000 ____D C:\Users\sw\AppData\Local\Zemana
2017-04-13 09:16 - 2017-04-13 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-04-13 09:16 - 2017-04-13 09:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-04-12 16:37 - 2017-04-12 16:49 - 00000000 ____D C:\Users\sd\AppData\Local\Google
2017-04-12 16:25 - 2017-04-12 16:25 - 00079431 _____ C:\ProgramData\1492010660.bdinstall.bin
2017-04-12 15:37 - 2017-04-12 15:37 - 04089296 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2017-04-12 15:35 - 2017-04-12 15:35 - 00003251 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-04-12 15:30 - 2017-04-12 15:30 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe
2017-04-12 15:20 - 2017-04-12 15:20 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS (5).exe
2017-04-12 15:20 - 2017-04-12 15:20 - 00037239 _____ C:\ComboFix.txt
2017-04-12 15:16 - 2017-04-12 15:16 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS (4).exe
2017-04-12 15:07 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-12 15:07 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-12 15:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-12 15:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-12 15:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-12 15:07 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-12 15:07 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-12 15:07 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-12 15:06 - 2017-04-12 15:06 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS (3).exe
2017-04-12 14:34 - 2017-04-12 14:34 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS (2).exe
2017-04-12 14:25 - 2017-04-12 15:20 - 00000000 ____D C:\Qoobox
2017-04-12 14:25 - 2017-04-12 15:18 - 00000000 ____D C:\Windows\erdnt
2017-04-12 14:24 - 2017-04-12 14:25 - 05659546 ____R (Swearware) C:\Users\sd\Downloads\ComboFix.exe
2017-04-12 13:36 - 2017-04-12 13:36 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-12 13:36 - 2017-04-12 13:36 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-12 13:31 - 2017-04-12 13:28 - 00013077 _____ C:\Users\sd\Desktop\Bookmarks
2017-04-12 13:14 - 2017-04-12 13:14 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS (1).exe
2017-04-12 12:19 - 2017-04-12 12:19 - 00000000 ____D C:\Users\sw\AppData\Roaming\Macromedia
2017-04-12 10:52 - 2017-04-12 10:52 - 00014868 _____ C:\Users\sw\Desktop\mbam.txt
2017-04-12 10:51 - 2017-04-12 10:53 - 00215074 _____ C:\TDSSKiller.3.1.0.12_12.04.2017_10.51.42_log.txt
2017-04-12 10:49 - 2017-04-12 10:50 - 04747704 _____ (AO Kaspersky Lab) C:\Users\sw\Downloads\tdsskiller.exe
2017-04-12 10:46 - 2017-04-13 09:39 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 10:46 - 2017-04-12 11:57 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-12 10:46 - 2017-04-12 10:46 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-12 10:46 - 2017-04-12 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-12 10:45 - 2017-04-12 10:45 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-12 10:37 - 2017-04-12 10:38 - 05675600 _____ (TeamViewer) C:\Users\sw\Downloads\TeamViewerQS.exe
2017-04-12 10:36 - 2017-04-12 10:36 - 00000000 ____D C:\Users\sw\AppData\Roaming\TeamViewer
2017-04-12 10:11 - 2017-04-12 10:14 - 59272008 _____ (Malwarebytes ) C:\Users\sd\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-12 10:00 - 2017-04-12 10:00 - 00000000 ____D C:\Users\sd\AppData\Roaming\TeamViewer
2017-04-12 09:59 - 2017-04-12 10:00 - 05675600 _____ (TeamViewer) C:\Users\sd\Downloads\TeamViewerQS.exe
2017-04-11 12:43 - 2017-04-11 12:43 - 00164376 _____ C:\Users\sd\Downloads\HolidayQuotation (41).pdf
2017-04-11 12:42 - 2017-04-11 12:42 - 00164375 _____ C:\Users\sd\Downloads\HolidayQuotation (40).pdf
2017-04-10 11:01 - 2017-04-10 11:01 - 00162757 _____ C:\Users\sd\Downloads\HolidayQuotation (39).pdf
2017-04-10 10:53 - 2017-04-10 10:53 - 00162758 _____ C:\Users\sd\Downloads\HolidayQuotation (38).pdf
2017-04-07 12:56 - 2017-04-07 12:56 - 00981536 _____ C:\Users\sd\Downloads\2QV5YY_LS931_01May2017.pdf
2017-04-06 09:16 - 2017-01-11 03:08 - 00030432 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIInfo.sys
2017-04-05 16:02 - 2017-04-05 16:02 - 00244117 _____ C:\Users\sd\Downloads\HolidayQuotation (37).pdf
2017-04-05 15:18 - 2017-04-05 15:18 - 00168871 _____ C:\Users\sd\Downloads\HolidayQuotation (36).pdf
2017-04-05 15:17 - 2017-04-05 15:17 - 00168869 _____ C:\Users\sd\Downloads\HolidayQuotation (35).pdf
2017-04-05 15:15 - 2017-04-05 15:15 - 00177481 _____ C:\Users\sd\Downloads\HolidayQuotation (34).pdf
2017-04-05 13:34 - 2017-04-05 13:33 - 00097552 _____ C:\Users\sd\Documents\Wells2.pdf
2017-04-05 12:59 - 2017-04-05 13:22 - 02068068 _____ C:\Users\sd\Documents\Wells.pdf
2017-04-05 11:04 - 2017-04-05 11:04 - 00215498 _____ C:\Users\sd\Downloads\HolidayQuotation (33).pdf
2017-04-05 10:58 - 2017-04-05 10:58 - 00273604 _____ C:\Users\sd\Downloads\HolidayQuotation (32).pdf
2017-04-05 09:53 - 2017-04-05 09:53 - 00149282 _____ C:\Users\sd\Downloads\HolidayQuotation (31).pdf
2017-04-05 09:48 - 2017-04-05 09:48 - 00244117 _____ C:\Users\sd\Downloads\HolidayQuotation (30).pdf
2017-04-04 16:04 - 2017-04-04 16:04 - 00058412 _____ C:\Users\sd\Downloads\Jetset Flights - Indie Website.html
2017-04-04 16:04 - 2017-04-04 16:04 - 00000000 ____D C:\Users\sd\Downloads\Jetset Flights - Indie Website_files
2017-04-03 15:09 - 2017-04-03 15:09 - 00218805 _____ C:\Users\sd\Downloads\HolidayQuotation (29).pdf
2017-04-03 10:08 - 2017-04-03 10:08 - 01088635 _____ C:\Users\sd\Downloads\BoardingPass (1).pdf
2017-04-01 15:42 - 2017-04-01 15:42 - 00202781 _____ C:\Users\sd\Downloads\HolidayQuotation (28).pdf
2017-04-01 12:48 - 2017-04-01 12:48 - 00709902 _____ C:\Users\sd\Downloads\Disney Dining Plan (2017).pdf
2017-04-01 12:47 - 2017-04-01 12:47 - 00424467 _____ C:\Users\sd\Downloads\Disney Quick-Service Dining Plan (2017).pdf
2017-04-01 12:47 - 2017-04-01 12:47 - 00424467 _____ C:\Users\sd\Downloads\Disney Quick-Service Dining Plan (2017) (1).pdf
2017-03-31 15:14 - 2017-03-31 15:14 - 00604974 _____ C:\Users\sd\Documents\USAirtours.pdf
2017-03-30 09:11 - 2017-03-30 09:11 - 00000000 ____D C:\Users\sd\AppData\Roaming\WinRAR
2017-03-24 12:16 - 2017-03-27 13:51 - 00150547 _____ C:\Users\sd\Documents\Armes 578886 Client2.pdf
2017-03-24 12:16 - 2017-03-24 15:27 - 00169629 _____ C:\Users\sd\Documents\Armes 578886 Client.pdf
2017-03-23 16:07 - 2017-04-01 12:16 - 00000000 ____D C:\Users\sd\AppData\Local\CrashDumps
2017-03-22 14:57 - 2017-03-22 15:00 - 00000000 ____D C:\ProgramData\SophosClean
2017-03-22 14:56 - 2017-03-22 14:56 - 11619360 _____ (Sophos Limited) C:\Users\sd\Downloads\SophosClean_x64.exe
2017-03-22 14:43 - 2017-03-22 14:43 - 00000000 ____D C:\Program Files\Common Files\Sophos
2017-03-22 14:42 - 2017-04-13 14:44 - 00000000 ____D C:\Windows\CryptoGuard
2017-03-22 14:42 - 2017-04-13 14:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-03-22 14:42 - 2017-03-22 14:43 - 00000000 ____D C:\Program Files\Sophos
2017-03-22 14:42 - 2017-03-22 14:42 - 00921672 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2017-03-22 14:42 - 2017-03-22 14:42 - 00851648 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2017-03-22 14:42 - 2017-03-22 14:42 - 00274928 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2017-03-22 14:42 - 2017-03-22 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-22 14:42 - 2017-03-22 14:42 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-03-22 14:42 - 2016-10-19 17:25 - 00123848 _____ (Sophos Limited) C:\Windows\system32\Drivers\sntp.sys
2017-03-22 14:42 - 2016-10-17 21:17 - 00200760 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosED.sys
2017-03-22 14:38 - 2017-03-22 14:43 - 00000000 ____D C:\ProgramData\Sophos
2017-03-22 14:38 - 2017-03-22 14:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-22 14:35 - 2017-03-22 14:35 - 22922328 _____ (Sophos Limited) C:\Users\sd\Downloads\SophosInstall.exe
2017-03-22 14:16 - 2017-03-22 14:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-22 14:15 - 2017-03-22 14:15 - 11581544 _____ (SurfRight B.V.) C:\Users\sd\Downloads\hitmanpro_x64.exe
2017-03-22 13:59 - 2017-03-22 14:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\NPE
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\ProgramData\Norton
2017-03-22 13:58 - 2017-03-22 13:58 - 03423928 _____ (Symantec Corporation) C:\Users\sd\Downloads\NPE.exe
2017-03-22 13:55 - 2017-03-22 13:55 - 00000000 ____D C:\Users\sd\AppData\Roaming\Opera Software
2017-03-22 13:55 - 2017-03-22 13:55 - 00000000 ____D C:\Users\sd\AppData\Local\Opera Software
2017-03-22 13:54 - 2017-04-13 11:18 - 00000000 ____D C:\Program Files\Opera
2017-03-22 13:54 - 2017-03-22 13:54 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1490187299
2017-03-22 13:54 - 2017-03-22 13:54 - 00001093 _____ C:\Users\Public\Desktop\Opera.lnk.1492013912.old
2017-03-22 13:53 - 2017-03-22 13:53 - 01186672 _____ (Opera Software) C:\Users\sd\Downloads\OperaSetup.exe
2017-03-22 12:29 - 2017-03-22 12:29 - 00000000 _____ C:\autoexec.bat
2017-03-22 02:40 - 2017-04-12 13:36 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-22 02:24 - 2017-04-13 09:38 - 00003152 _____ C:\Windows\system32\rblcache.dat
2017-03-22 02:20 - 2017-04-13 13:06 - 00000000 ____D C:\AdwCleaner
2017-03-22 02:20 - 2017-03-22 02:20 - 04031440 _____ C:\Users\sd\Downloads\adwcleaner_6.044.exe
2017-03-21 16:00 - 2017-03-21 16:00 - 00666475 _____ C:\Users\sd\Downloads\rfci-hotel-list-010217.pdf
2017-03-20 15:11 - 2017-03-20 15:11 - 00171907 _____ C:\Users\sd\Downloads\HolidayQuotation (27).pdf
2017-03-20 15:11 - 2017-03-20 15:11 - 00171907 _____ C:\Users\sd\Downloads\HolidayQuotation (26).pdf
2017-03-20 15:07 - 2017-03-20 15:07 - 00171906 _____ C:\Users\sd\Downloads\HolidayQuotation (25).pdf
2017-03-18 12:38 - 2017-03-04 18:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-18 12:38 - 2017-03-04 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-18 12:38 - 2017-03-04 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-18 12:38 - 2017-03-04 09:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-18 12:38 - 2017-03-04 09:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-18 12:38 - 2017-03-04 09:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-18 12:38 - 2017-03-04 09:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-18 12:38 - 2017-03-04 09:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-18 12:38 - 2017-03-04 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-18 12:38 - 2017-03-04 08:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-18 12:38 - 2017-03-04 08:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-18 12:38 - 2017-03-04 08:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-18 12:38 - 2017-03-04 08:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-18 12:38 - 2017-03-04 08:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-18 12:38 - 2017-03-04 08:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-18 12:38 - 2017-03-04 08:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-18 12:38 - 2017-03-04 08:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-18 12:38 - 2017-03-04 08:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-18 12:38 - 2017-03-04 08:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-18 12:38 - 2017-03-04 08:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-18 12:38 - 2017-03-04 08:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-18 12:38 - 2017-03-04 08:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-18 12:38 - 2017-03-04 08:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-18 12:38 - 2017-03-04 08:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-18 12:38 - 2017-03-04 08:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-18 12:38 - 2017-03-04 08:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-18 12:38 - 2017-03-04 08:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-18 12:38 - 2017-03-04 07:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-18 12:38 - 2017-03-04 07:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-18 12:38 - 2017-03-04 07:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-18 12:38 - 2017-03-04 07:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-18 12:38 - 2017-03-04 07:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-18 12:38 - 2017-03-04 07:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-18 12:38 - 2017-03-04 07:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-18 12:38 - 2017-03-04 07:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-18 12:38 - 2017-03-04 07:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-18 12:38 - 2017-03-04 05:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-18 12:38 - 2017-03-02 19:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-18 12:38 - 2017-03-02 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-18 12:38 - 2017-03-02 19:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-18 12:38 - 2017-03-02 19:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-18 12:38 - 2017-03-02 19:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-18 12:38 - 2017-03-02 19:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-18 12:38 - 2017-03-02 18:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-18 12:38 - 2017-03-02 18:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-18 12:38 - 2017-03-02 18:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-18 12:38 - 2017-03-02 18:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-18 12:38 - 2017-03-02 18:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-18 12:38 - 2017-03-02 18:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-18 12:38 - 2017-03-02 18:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-18 12:38 - 2017-03-02 18:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-18 12:38 - 2017-03-02 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-18 12:38 - 2017-03-02 18:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-18 12:38 - 2017-03-02 18:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-18 12:38 - 2017-03-02 18:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-18 12:38 - 2017-03-02 18:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-18 12:38 - 2017-03-02 18:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-18 12:38 - 2017-03-02 18:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-18 12:38 - 2017-03-02 18:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-18 12:38 - 2017-03-02 18:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-18 12:38 - 2017-03-02 18:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-18 12:38 - 2017-03-02 18:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-18 12:38 - 2017-03-02 18:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-18 12:38 - 2017-03-02 17:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-18 12:38 - 2017-03-02 17:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-18 12:38 - 2017-03-02 17:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-18 12:38 - 2017-02-11 16:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-18 12:38 - 2017-02-11 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-18 12:38 - 2017-02-11 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-18 12:38 - 2017-02-10 17:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-18 12:38 - 2017-02-10 17:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-18 12:38 - 2017-02-10 17:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-18 12:38 - 2017-02-10 17:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-18 12:38 - 2017-02-10 15:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-18 12:38 - 2017-02-09 17:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-18 12:38 - 2017-02-09 17:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-18 12:38 - 2017-02-09 17:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-18 12:38 - 2017-02-09 17:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-18 12:38 - 2017-02-09 17:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-18 12:38 - 2017-02-09 17:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-18 12:38 - 2017-02-09 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-18 12:38 - 2017-02-09 17:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-18 12:38 - 2017-02-09 17:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 17:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-18 12:38 - 2017-02-09 17:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-18 12:38 - 2017-02-09 17:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-18 12:38 - 2017-02-09 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-18 12:38 - 2017-02-09 17:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-18 12:38 - 2017-02-09 16:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-18 12:38 - 2017-02-09 16:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-18 12:38 - 2017-02-09 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-18 12:38 - 2017-02-09 16:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-18 12:38 - 2017-02-09 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-18 12:38 - 2017-02-09 16:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-18 12:38 - 2017-02-09 16:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-18 12:38 - 2017-02-09 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-18 12:38 - 2017-02-09 16:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-18 12:38 - 2017-02-09 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-18 12:38 - 2017-02-09 16:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-18 12:38 - 2017-02-09 16:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-18 12:38 - 2017-02-09 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-18 12:38 - 2017-02-09 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-18 12:38 - 2017-02-09 16:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 16:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 16:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 16:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-18 12:38 - 2017-02-09 15:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-18 12:38 - 2017-02-09 15:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-18 12:38 - 2017-02-06 17:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-18 12:38 - 2017-01-13 19:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-18 12:38 - 2017-01-13 19:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-18 12:38 - 2017-01-13 18:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-18 12:38 - 2017-01-13 18:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-18 12:38 - 2017-01-11 19:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-18 12:38 - 2017-01-11 19:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-18 12:38 - 2017-01-11 18:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-18 12:38 - 2017-01-11 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-18 12:38 - 2017-01-06 19:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-18 12:38 - 2017-01-06 18:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-18 12:36 - 2017-02-23 00:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-18 12:36 - 2017-02-23 00:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-18 12:36 - 2017-02-18 15:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-18 12:36 - 2017-02-18 15:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-13 12:47 - 2016-12-09 13:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-13 12:10 - 2016-12-08 22:51 - 00000000 ____D C:\Users\sw\AppData\Local\VirtualStore
2017-04-13 12:06 - 2016-12-19 13:39 - 00000000 ____D C:\ProgramData\LogMeIn
2017-04-13 12:06 - 2016-12-03 05:09 - 00000000 ____D C:\Windows\panther
2017-04-13 12:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-04-13 11:19 - 2017-02-16 14:36 - 00000000 ____D C:\Users\sw\AppData\Local\Google
2017-04-13 09:44 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 09:44 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-13 09:42 - 2016-12-02 21:53 - 00000000 ____D C:\Users\Administrator
2017-04-13 09:39 - 2016-12-19 13:39 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-04-13 09:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 09:21 - 2016-12-08 22:51 - 00000000 ____D C:\Users\sw
2017-04-12 15:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-04-12 13:36 - 2016-12-09 13:32 - 00000000 ____D C:\Users\sd\AppData\Local\Google.old
2017-04-12 11:12 - 2016-12-09 13:44 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 11:11 - 2016-12-09 13:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 10:37 - 2016-12-08 22:51 - 00000008 __RSH C:\Users\sw\ntuser.pol
2017-04-12 09:42 - 2016-12-09 14:01 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-12 09:42 - 2016-12-09 14:01 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-12 09:42 - 2016-12-09 14:01 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 09:42 - 2016-12-09 14:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 09:42 - 2016-12-09 14:01 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 09:18 - 2016-12-09 13:32 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 09:18 - 2016-12-09 13:32 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 16:59 - 2016-12-09 13:38 - 00000460 _____ C:\Users\sd\Desktop\EasySell.website
2017-04-06 09:16 - 2016-12-19 13:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2017-04-06 09:15 - 2016-12-19 13:39 - 00122368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2017-04-06 09:15 - 2016-12-19 13:39 - 00107488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2017-04-04 09:13 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-31 09:08 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-22 12:29 - 2016-12-08 22:19 - 00112296 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-22 12:14 - 2016-12-09 13:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-03-22 02:56 - 2016-12-08 22:38 - 00000008 __RSH C:\Users\Administrator\ntuser.pol
2017-03-22 02:40 - 2016-12-09 13:32 - 00000000 ____D C:\Users\sd\AppData\Local\Deployment
2017-03-22 02:33 - 2016-12-02 21:53 - 00001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-22 02:24 - 2016-12-08 22:54 - 00000008 __RSH C:\Users\sd\ntuser.pol
2017-03-22 02:24 - 2016-12-08 22:54 - 00000000 ____D C:\Users\sd
2017-03-20 16:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-03-20 10:09 - 2009-07-14 05:45 - 00434448 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-20 10:07 - 2016-12-06 21:01 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-20 10:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-18 12:54 - 2016-12-06 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-18 12:50 - 2016-12-06 20:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-18 12:47 - 2016-12-06 20:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-18 12:44 - 2016-12-06 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-18 12:43 - 2016-12-06 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 12:43 - 2016-12-06 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2017-04-12 16:25 - 2017-04-12 16:25 - 0079431 _____ () C:\ProgramData\1492010660.bdinstall.bin
2017-02-22 01:58 - 2017-02-22 04:21 - 0000160 _____ () C:\ProgramData\50.install.log
2017-02-22 04:07 - 2017-02-22 04:07 - 0000671 _____ () C:\ProgramData\50.rollback.log
 
Some files in TEMP:
====================
2017-04-13 14:38 - 2017-04-13 14:39 - 0476672 _____ () C:\Users\sw\AppData\Local\Temp\7za.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0020480 _____ (E Dev) C:\Users\sw\AppData\Local\Temp\DaS_21.exe
2017-04-13 12:19 - 2017-02-09 17:33 - 1732864 _____ (Microsoft Corporation) C:\Users\sw\AppData\Local\Temp\dllnt_dump.dll
2017-04-13 14:38 - 2017-04-13 14:39 - 0388608 _____ (Trend Micro Inc.) C:\Users\sw\AppData\Local\Temp\hijackthis.exe
2017-04-12 16:23 - 2017-04-12 11:02 - 11583584 _____ (SurfRight B.V.) C:\Users\sw\AppData\Local\Temp\HitmanPro.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0030720 _____ (NirSoft) C:\Users\sw\AppData\Local\Temp\NirCmd.exe
2017-04-12 17:18 - 2017-04-12 17:18 - 1980416 _____ (Opera Software) C:\Users\sw\AppData\Local\Temp\Opera_installer_20174121832107.dll
2017-04-13 14:38 - 2017-04-13 14:39 - 0256512 _____ () C:\Users\sw\AppData\Local\Temp\PEVZ.EXE
2017-04-13 14:38 - 2017-04-13 14:39 - 0069632 _____ () C:\Users\sw\AppData\Local\Temp\remove.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0098816 _____ () C:\Users\sw\AppData\Local\Temp\sed.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0057344 _____ (Optimum X) C:\Users\sw\AppData\Local\Temp\shortcut.exe
2017-04-12 16:25 - 2017-03-22 14:56 - 11619360 _____ (Sophos Limited) C:\Users\sw\AppData\Local\Temp\SophosClean.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0161792 _____ (SteelWerX) C:\Users\sw\AppData\Local\Temp\swreg.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0217088 _____ (SteelWerX) C:\Users\sw\AppData\Local\Temp\swxcacls.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0154232 _____ (Noël Danjou) C:\Users\sw\AppData\Local\Temp\wget.exe
2017-04-13 14:38 - 2017-04-13 14:39 - 0024064 _____ () C:\Users\sw\AppData\Local\Temp\zoek-delete.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-03 14:30
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by sw (13-04-2017 14:58:41)
Running from C:\Users\sw\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-12-02 20:37:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-51511275-729317264-2496444198-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-51511275-729317264-2496444198-501 - Limited - Disabled)
sd (S-1-5-21-51511275-729317264-2496444198-1001 - Limited - Enabled) => C:\Users\sd
sw (S-1-5-21-51511275-729317264-2496444198-1002 - Administrator - Enabled) => C:\Users\sw
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Endpoint Security Tools Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.19.899 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CTCS, Easysell Web ActiveX (v2.1) (HKLM-x32\...\{2510B399-3F05-42E1-BA1D-EACB22F30978}) (Version: 2.1.0.18 - Comtec (Europe) Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
HitmanPro.Alert 3 (managed by Sophos) (Version: 3.6.3.583 - SurfRight B.V.) Hidden
HP LaserJet 500 color MFP M570 (HKLM-x32\...\{96e58861-a3c4-43cf-9a1a-c13d2cd69b5b}) (Version: 5.0.12229.597 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM570DSService (x32 Version: 001.001.07586 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 4.5.41.23 - HP) Hidden
HPLJ500colorMFPM570 (HKLM-x32\...\{F05A8E43-041F-4066-ADC2-FA9F883B49D6}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM570 (x32 Version: 004.005.0001 - HP) Hidden
hppFaxDrvM570 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM570LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM570 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM570 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
LogMeIn (HKLM-x32\...\{F207DD0F-4C1B-44F5-8E68-176078DE0545}) (Version: 4.1.8832 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{4F6DB17C-9156-4BF2-9A50-845E89337912}) (Version: 1.3.2628 - LogMeIn, Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Opera Stable 44.0.2510.1218 (HKLM-x32\...\Opera 44.0.2510.1218) (Version: 44.0.2510.1218 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)
Sophos AutoUpdate XG (x32 Version: 5.6.388 - Sophos Limited) Hidden
Sophos Clean (Version: 3.7.14.116 - Sophos Limited) Hidden
Sophos Diagnostic Utility (x32 Version: 1.14.0.123 - Sophos Limited) Hidden
Sophos Endpoint (Version: 1.1.44 - Sophos Limited) Hidden
Sophos Endpoint Agent (HKLM\...\Sophos Endpoint Agent) (Version: 11.5.4 - Sophos Ltd)
Sophos Endpoint Defense (Version: 1.0.0.265 - Sophos Limited) Hidden
Sophos Endpoint Self Help (Version: 1.2.76 - Sophos Limited) Hidden
Sophos Exploit Prevention (Version: 1.0.3.258 - Sophos Limited) Hidden
Sophos Health (x32 Version: 2.0.3.32 - Sophos Limited) Hidden
Sophos Heartbeat (x32 Version: 4.3.60 - Sophos Limited) Hidden
Sophos Management Communications System (x32 Version: 4.3.2.1 - Sophos Limited) Hidden
Sophos Network Threat Protection (Version: 1.3.1.12 - Sophos Limited) Hidden
Sophos System Protection (Version: 2.6.0.71 - Sophos Limited) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05211371-6417-4146-A884-787462BDF154} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-22] (Google Inc.)
Task: {2744034C-82B8-40F1-B355-68A0334D785C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {34174EAE-256B-4D90-84E0-F8D037E9E501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {59AE4066-76B8-448D-8CC2-35E77EF9E7E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {669E57E5-B639-42BC-B86B-F99370353B47} - System32\Tasks\Opera scheduled Autoupdate 1490187299 => C:\Program Files\Opera\launcher.exe [2017-04-12] (Opera Software)
Task: {8665CD24-E71F-4E69-8347-6B22E6BA3DFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {89C855DB-A1AB-4891-A94D-6B20BE860B91} - System32\Tasks\Opera scheduled Autoupdate 1492078714 => C:\Program Files\Opera\launcher.exe [2017-04-12] (Opera Software)
Task: {A6C6AB21-D3B2-4C79-AB67-7A81686A7AFA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C2F64454-AB24-48F4-8CF6-904EA1186DB0} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {D2DB988D-5B4C-4F6A-8B26-8E5CC064DF99} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D982D69C-2096-44A1-955E-83F8C5730E47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\sw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-22 04:13 - 2015-10-06 17:56 - 00279608 _____ () C:\Program Files\Bitdefender\Endpoint Security\zlib.dll
2017-02-22 04:13 - 2017-02-22 04:09 - 00280576 _____ () C:\Program Files\Bitdefender\Endpoint Security\txmlutil.dll
2017-02-22 04:13 - 2016-12-07 21:05 - 00167400 _____ () C:\Program Files\Bitdefender\Endpoint Security\bdfwcore.dll
2017-02-22 04:28 - 2017-02-22 04:28 - 01008448 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_001\ashttpbr.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 00541952 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_001\ashttpdsp.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 03654344 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_001\ashttpf.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 01544568 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_001\ashttprbl.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 01008448 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_001\ashttpbr.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 00541952 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_001\ashttpdsp.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 03243920 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_001\ashttpph.mdl
2017-02-22 04:28 - 2017-02-22 04:28 - 01544568 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_001\ashttprbl.mdl
2016-10-19 17:25 - 2016-10-19 17:25 - 00234336 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-10-19 17:25 - 2016-10-19 17:25 - 00141432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-10-19 17:25 - 2016-10-19 17:25 - 00120080 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-10-19 17:25 - 2016-10-19 17:25 - 00077432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-10-19 17:25 - 2016-10-19 17:25 - 00165736 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-10-19 17:25 - 2016-10-19 17:25 - 00149168 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2016-12-16 12:54 - 2016-08-09 11:59 - 00764536 _____ () C:\Program Files (x86)\ZohoMeeting\ZohoMeeting.exe
2017-04-12 10:46 - 2017-04-12 11:57 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2012-03-28 11:47 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-04-12 13:36 - 2017-03-29 09:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-12 13:36 - 2017-03-29 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\adwcleaner_6.044.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\hitmanpro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\NPE.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\OperaSetup.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2017-04-12 15:40 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-51511275-729317264-2496444198-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-51511275-729317264-2496444198-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\sw\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-51511275-729317264-2496444198-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.4.28.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: HP LaserJet 500 color MFP M570 Series Fax => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 500 color MFP M570 Series Fax"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sophos UI.exe => "C:\Program Files\Sophos\Sophos UI\Sophos UI.exe" /hidden
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{C3AADE66-2213-48B5-B89B-A29667388BBC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A5FACCF0-CE84-47F4-8693-C1C519C7A9AF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{1FCA194A-4E17-4905-8E02-BAED6D71C1DA}] => (Allow) C:\Program Files\Opera\44.0.2510.1218\opera.exe
 
==================== Restore Points =========================
 
03-04-2017 14:37:39 Scheduled Checkpoint
11-04-2017 09:45:12 Scheduled Checkpoint
12-04-2017 15:31:05 JRT Pre-Junkware Removal
13-04-2017 11:01:18 Windows Modules Installer
13-04-2017 11:06:33 Windows Modules Installer
13-04-2017 13:06:26 Windows Update
13-04-2017 14:41:42 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2017 02:41:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Software Updater since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/13/2017 01:06:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Software Updater since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/13/2017 09:40:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/12/2017 05:18:32 PM) (Source: HitmanPro.Alert) (EventID: 911) (User: )
Description: Mitigation   Lockdown
 
Platform     6.1.7601/x64 v583 06_2a
PID          6916
Application  C:\Program Files\Opera\44.0.2510.857\installer.exe
Description  Opera Installer 44
 
Win32_Process.Create()
 
Process Trace
1  C:\Program Files\Opera\44.0.2510.857\installer.exe [6916]
"C:\Program Files\Opera\44.0.2510.857\installer.exe" --backend --uninstall --deleteuserprofile=1 --server-tracking-data=server_tracking_data --initial-pid=4860 --crash-reporter-pid=1036 --initial-proc-handle=B802000000000000
2  C:\Program Files\Opera\44.0.2510.857\installer.exe [4860]
"C:\Program Files\Opera\44.0.2510.857\installer.exe" /uninstall
3  C:\Program Files\Opera\launcher.exe [5960]
"C:\Program Files\Opera\Launcher.exe" /uninstall
4  C:\Windows\SysWOW64\dllhost.exe [3356]
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
5  C:\Windows\System32\svchost.exe [940]
C:\Windows\system32\svchost.exe -k DcomLaunch
 
Error: (04/12/2017 05:06:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/12/2017 05:06:04 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.
 
Error: (04/12/2017 05:04:47 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.
 
Error: (04/12/2017 05:04:46 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.
 
Error: (04/12/2017 04:58:10 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.
 
Error: (04/12/2017 04:56:44 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.
 
 
System errors:
=============
Error: (04/13/2017 11:33:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/13/2017 11:32:29 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:32:05 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:32:03 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:31:47 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:30:01 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:29:55 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:29:54 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:29:09 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/13/2017 11:29:01 AM) (Source: DCOM) (EventID: 10016) (User: *)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user *\sw SID (S-1-5-21-51511275-729317264-2496444198-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-12 15:16:13.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-12 15:16:13.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-09 12:59:24.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 12:37:41.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 12:19:03.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 12:09:25.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 00:06:27.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-06 17:01:20.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-04 14:43:28.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-03 23:03:44.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 67%
Total physical RAM: 6023.85 MB
Available physical RAM: 1946.11 MB
Total Virtual: 12045.88 MB
Available Virtual: 8875.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.66 GB) (Free:174.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 71765B60)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
#2 nasdaq (Malware Response Team)

Posted 14 April 2017 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows logo key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-51511275-729317264-2496444198-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-51511275-729317264-2496444198-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-51511275-729317264-2496444198-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-51511275-729317264-2496444198-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys 
AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\adwcleaner_6.044.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\hitmanpro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\NPE.exe:BDU [0]
AlternateDataStreams: C:\Users\sd\Downloads\OperaSetup.exe:BDU

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE, then Open it.

Please post the Fixlog.txt and let me know what problem persists.
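
The fixlist above deletes orphaned BHO and toolbar CLSIDs ("No File"), a search scope with an empty URL, an IE policy restriction under the Administrator profile, a service entry with no ImagePath and a few alternate data streams. The script below is an added example, not code from this thread, from nasdaq or from FRST: it reads the same persistence points so the result of the fix can be checked afterwards (and the same kind of hijack recognised on another machine). It assumes an elevated PowerShell 3.0 or later on the affected Windows 7 x64 host and changes nothing.

```powershell
# Added example (not code from this thread, from nasdaq or from FRST): audit the
# IE persistence points the fixlist above removes, so the cleanup can be checked
# afterwards. Assumptions: elevated PowerShell 3.0 or later on the affected
# Windows 7 x64 host (-Stream, -File and -notin need 3.0); nothing is modified.

$findings = New-Object System.Collections.Generic.List[string]

# Loaded user hives: the logged-on user plus any other profile whose hive is
# mounted. FRST reports these as HKU\<SID>.
$userHives = Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

# Resolve a COM CLSID to the DLL Windows would load for it: 64-bit view first,
# then the WOW6432 view, then per-user registrations.
function Resolve-ClsidDll {
    param([string]$Clsid)
    foreach ($root in @('HKLM:\SOFTWARE\Classes\CLSID',
                        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID')) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $p = (Get-ItemProperty -Path $key).'(default)'
            if ($p) { return [Environment]::ExpandEnvironmentVariables($p).Trim('"') }
        }
    }
    return $null
}

# Classify a CLSID the way FRST does: "No File" when nothing is on disk for it
# (an orphan to delete); otherwise show the DLL and its Authenticode status.
function Get-ClsidStatus {
    param([string]$Kind, [string]$Clsid)
    $dll = Resolve-ClsidDll $Clsid
    if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
        return "$Kind $Clsid -> No File (orphaned entry)"
    }
    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
    return "$Kind $Clsid -> $dll [signature: $sig]"
}

# 1. Browser Helper Objects: one subkey per CLSID, in both registry views.
$bhoRoots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($k in Get-ChildItem $root) { $findings.Add((Get-ClsidStatus 'BHO' $k.PSChildName)) }
}

# 2. Toolbars: here the CLSIDs are value names under the Toolbar key, not subkeys.
$tbRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar')
foreach ($root in $tbRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($v in (Get-Item $root).GetValueNames()) {
        if ($v -match '^\{[0-9A-Fa-f-]{36}\}$') { $findings.Add((Get-ClsidStatus 'Toolbar' $v)) }
    }
}

# 3. Per-user search scopes and IE policy restrictions.
foreach ($hive in $userHives) {
    $scopes = "$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $scopes) {
        $default = (Get-ItemProperty $scopes).DefaultScope
        foreach ($scope in Get-ChildItem $scopes) {
            $url = (Get-ItemProperty $scope.PSPath).URL
            if ([string]::IsNullOrWhiteSpace($url)) { $url = '<empty>' }   # FRST prints "URL =" for these
            $tag = if ($scope.PSChildName -eq $default) { 'default' } else { 'extra' }
            $findings.Add("SearchScope $hive $($scope.PSChildName) [$tag] -> $url")
        }
    }
    # Any value under Policies\...\Internet Explorer locks a setting (FRST: "Restriction");
    # normal on a domain-managed box, suspect on a stand-alone one.
    $pol = "$hive\SOFTWARE\Policies\Microsoft\Internet Explorer"
    if (Test-Path $pol) {
        foreach ($k in @(Get-Item $pol) + @(Get-ChildItem $pol -Recurse)) {
            foreach ($v in $k.GetValueNames()) { $findings.Add("Policy $($k.Name)\$v = $($k.GetValue($v))") }
        }
    }
}

# 4. Alternate data streams in every Downloads folder. Zone.Identifier is the
#    normal "came from the Internet" mark; anything else is listed with its size
#    (the ":BDU [0]" streams in the log are zero bytes long, so they carry no payload).
foreach ($user in Get-ChildItem "$env:SystemDrive\Users" -Directory) {
    $dl = Join-Path $user.FullName 'Downloads'
    if (-not (Test-Path $dl)) { continue }
    foreach ($f in Get-ChildItem $dl -File -ErrorAction SilentlyContinue) {
        Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            ForEach-Object { $findings.Add("ADS $($f.FullName):$($_.Stream) [$($_.Length) bytes]") }
    }
}

$findings   # pipe to Set-Content to keep a copy for the before/after comparison
```

Run it once before the FRST fix and once after, saving each output with Set-Content, and diff the two with Compare-Object: every "No File", "<empty>" and Policy line from the fixlist should be gone from the second run. A BHO or toolbar DLL that does exist but carries an invalid or missing signature is the next thing to look at, since a hijack that redirects on every click is usually either such a DLL or something below the browser.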

#3 rRaiseRr (Topic Starter)

Posted 15 April 2017 - 03:36 PM

Thank you, I cannot get on the PC until Tuesday; I will update then.



#4 nasdaq (Malware Response Team)

Posted 21 April 2017 - 07:51 AM

Are you still with me?

#5 rRaiseRr (Topic Starter)

Posted 21 April 2017 - 07:53 AM

Nasdaq, I have run this on the PC but have been unable to connect to it since then. I need to get reconnected and will update once I can.



#6 nasdaq (Malware Response Team)

Posted 21 April 2017 - 08:39 AM

Try this. Let me know if it helps.


Press the Windows logo key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
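
This second fixlist works below the browser: it flushes DNS, renews the lease, resets the firewall, the Winsock catalog (where a layered service provider would sit) and the IP stacks, and clears BITS jobs. A redirect that survives the extension, add-on and hosts-file checks from the first post can live in exactly those places, so it is worth recording them before and after the reset. The script below is an added example, not code from this thread or from nasdaq; it assumes an elevated PowerShell 2.0 or later on Windows 7 (WMI and netsh are used because the Net* cmdlets only exist from Windows 8 on), and the 192.0.2.x addresses in $expectedDns are placeholders for the site's real resolvers.

```powershell
# Added example (not code from this thread or from nasdaq): snapshot the
# network-layer settings a click-time redirect can live in below the browser,
# so running it before and after the reset above shows exactly what changed.
# Assumptions: elevated PowerShell 2.0+ on Windows 7 (WMI and netsh are used
# because the Net* cmdlets only exist from Windows 8 on); the 192.0.2.x
# addresses in $expectedDns are placeholders for the real resolvers. Nothing is modified.

$expectedDns = @('192.0.2.53', '192.0.2.54')   # assumed; replace with the real resolvers
$sysDirs     = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$report      = New-Object System.Collections.Generic.List[string]

# 1. Proxy / PAC. IE and Chrome both honour these; a PAC script lets the attacker
#    choose per request where traffic goes, and the policy key overrides the user key.
$proxyKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
               'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings')
foreach ($key in $proxyKeys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty $key
    $report.Add("$key : ProxyEnable=$($p.ProxyEnable) ProxyServer=$($p.ProxyServer) AutoConfigURL=$($p.AutoConfigURL)")
    if ($p.ProxyEnable -eq 1 -or $p.AutoConfigURL) { $report.Add("!! proxy or PAC configured under $key; confirm it is intentional") }
}
# WinHTTP keeps its own proxy setting, used by services rather than the browser.
$report.Add('winhttp: ' + ((netsh winhttp show proxy | Where-Object { $_ -match '\S' }) -join ' | '))

# 2. DNS servers on each IP-enabled adapter, compared with the expected list.
foreach ($nic in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    $report.Add("DNS [$($nic.Description)] DHCP=$($nic.DHCPEnabled): $($dns -join ', ')")
    $odd = @($dns | Where-Object { $expectedDns -notcontains $_ })
    if ($odd.Count -gt 0) { $report.Add("!! unexpected DNS server(s): $($odd -join ', ')") }
}

# 3. hosts file: every active (non-comment) line. The stock Windows 7 file has none.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' })) { $report.Add("hosts: $line") }

# 4. Winsock catalog. A layered service provider (LSP) sits in every socket call,
#    which is why the fix runs "netsh winsock reset catalog". Providers that are
#    missing on disk or live outside the Windows directories are flagged. The
#    signature is informational only: Windows' own providers are catalog-signed,
#    and older PowerShell builds such as the one on this host may report
#    catalog-signed files as NotSigned.
$paths = @()
foreach ($line in (netsh winsock show catalog)) {
    if ($line -match '^\s*Provider Path:\s*(.+?)\s*$') {
        $paths += [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
}
foreach ($path in ($paths | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { $report.Add("!! Winsock provider missing on disk: $path"); continue }
    $sig   = (Get-AuthenticodeSignature -FilePath $path).Status
    $inSys = $sysDirs | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
    $flag  = if ($inSys) { '' } else { '!! outside the Windows directories: ' }
    $report.Add("${flag}LSP $path [signature: $sig]")
}

# 5. Firewall profile state (the fix resets it and turns every profile on).
foreach ($line in (netsh advfirewall show allprofiles state)) {
    if ($line -match '\S') { $report.Add("firewall: $($line.Trim())") }
}

$report   # e.g. pipe to Set-Content before.txt, then after.txt, then Compare-Object the two
```

Any line starting with "!!" in the first run is a candidate cause of the redirect; after the reset, the DNS servers should come back from DHCP and the Winsock catalog should contain only providers under the Windows directories. A PAC URL or proxy that reappears after being cleared points to a process re-applying it, which is a job for the persistence audit rather than another reset.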

#7 rRaiseRr (Topic Starter)

Posted 24 April 2017 - 09:45 AM

Sorry, wires must have crossed!

I mean I cannot get connected as it is remote and the guy there needs to get me connected, but he is away until tomorrow.

Thanks for your patience on this one!



#8 rRaiseRr (Topic Starter)

Posted 27 April 2017 - 03:27 AM

Nasdaq, finally heard back from them; they report it as being fine now. Thank you for your time and patience :)