
I've tried 4 times to remove some malware, need help


  • This topic is locked
55 replies to this topic

#1 chriffan


Posted 02 May 2017 - 06:22 AM

I was able to remove some stuff alone, but a few entries keep returning. My computer isn't slow any longer, but I noticed the same search scope, an Alternate Data Stream and DLLs with no files associated reappearing every time. My system restore has been disabled, the system crashes on shutdown, and I need to update my firmware; I'm just waiting until the issues are resolved first.

 

Here are the FRST scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017
Ran by admin 01 (administrator) on DELL-PC (02-05-2017 06:42:17)
Running from C:\Users\Steve\Downloads
Loaded Profiles: admin 01 & Steve (Available Profiles: admin 01 & Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046488 2017-03-16] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [DellSystemDetect] => C:\Users\admin 01\AppData\Local\Apps\2.0\Q0C5R2QR.XRA\G46JO22C.HVE\dell..tion_831211ca63b981c5_0008.0004_3d463ceeb98aa2c1\DellSystemDetect.exe [313264 2017-04-21] (Dell)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{0EFCFF68-24F7-49E7-8C23-5D8C3CFD651B}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2391963144-3888246503-2386156485-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: p5xrxrcp.default
FF ProfilePath: C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default [2017-04-26]
FF Extension: (Adguard AdBlocker) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\adguardadblocker@adguard.com.xpi [2017-04-04]
FF Extension: (YouTube Plus) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\particle@particlecore.github.io.xpi [2017-04-04]
FF Extension: (Save File to) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\savefileto@mozdev.org.xpi [2017-04-04]
FF Extension: (uBlock Origin) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\uBlock0@raymondhill.net.xpi [2017-04-04]
FF Extension: (FlashGot) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-04-04]
FF Extension: (Bluhell Firewall) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2017-04-04]
FF Extension: (NoScript) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-04]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-04-04]
FF Extension: (Adblock Plus) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-04]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\features\{bddbd687-cb69-4ae7-aac5-63dbe6cb620b}\disable-cert-transparency@mozilla.org.xpi [2017-04-20]
FF Extension: (Disable Prefetch) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\features\{bddbd687-cb69-4ae7-aac5-63dbe6cb620b}\disable-prefetch@mozilla.org.xpi [2017-04-20]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-03-16] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-11] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8147528 2017-04-24] (Emsisoft Ltd)
R3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-02 06:12 - 2017-05-02 06:12 - 00000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2017-04-25 10:09 - 2017-04-25 10:12 - 04089296 _____ C:\Users\Steve\Desktop\AdwCleaner.exe
2017-04-25 09:10 - 2017-04-25 09:10 - 00058016 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-24 06:04 - 2017-04-24 06:04 - 00024448 _____ C:\Users\Steve\Downloads\Addition 04-24-17 -6am.txt
2017-04-24 06:00 - 2017-04-24 06:00 - 00050367 _____ C:\Users\Steve\Downloads\FRST 04-24-17 -6am.txt
2017-04-24 05:48 - 2017-05-02 06:32 - 00025306 _____ C:\Users\Steve\Downloads\Addition.txt
2017-04-24 05:46 - 2017-05-02 06:42 - 00010008 _____ C:\Users\Steve\Downloads\FRST.txt
2017-04-24 05:42 - 2017-04-25 09:41 - 00003946 _____ C:\Users\admin 01\Desktop\Rkill.txt
2017-04-23 20:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-04-23 20:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-04-23 20:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-04-23 20:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-04-23 20:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-04-23 20:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-04-23 20:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-04-23 20:05 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-04-23 20:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-04-23 20:05 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-04-23 20:05 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-04-23 20:05 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-04-23 20:05 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-04-23 20:05 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-04-23 20:05 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-04-23 20:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-04-23 20:04 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-04-23 20:04 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-04-23 20:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-04-23 20:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-04-23 20:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-04-23 20:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-04-23 20:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-04-23 20:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-04-23 20:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-04-23 20:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-04-23 20:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-04-23 20:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-04-23 20:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-04-23 20:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-04-23 20:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-04-23 20:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-04-23 20:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-04-23 20:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-04-23 20:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-04-23 20:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-04-23 20:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-04-23 20:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-04-23 20:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-04-23 20:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-04-23 20:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-04-23 20:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-04-23 20:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-04-23 20:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-04-23 20:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-04-23 20:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-04-23 20:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-04-23 20:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-04-23 20:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-04-23 20:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-04-23 20:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-04-23 20:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-04-23 20:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-04-23 20:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-04-23 20:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-04-23 20:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-04-23 20:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-04-23 20:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-04-23 20:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-04-23 20:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-04-23 20:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-04-23 20:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-04-23 20:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-04-23 20:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-04-23 20:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-04-23 20:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-04-23 20:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-04-23 20:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-04-23 20:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-04-23 20:04 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-04-23 20:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-04-23 20:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-04-23 20:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-04-23 20:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-04-23 20:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-04-23 20:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-04-23 20:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-04-23 20:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-04-23 20:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-04-23 20:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-04-23 20:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-04-23 20:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-04-23 20:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-04-23 20:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-04-23 20:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-04-23 20:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-04-23 20:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-04-23 20:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-04-23 20:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-04-23 20:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-04-23 20:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-04-23 20:03 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-04-23 20:03 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-04-23 20:03 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-04-23 20:03 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-04-23 20:03 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-04-23 20:03 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-04-23 20:03 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-04-23 20:03 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-04-23 20:03 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-04-23 20:03 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-04-23 20:03 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-04-23 20:03 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-04-23 20:03 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-04-23 20:03 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-04-23 20:03 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-04-23 20:03 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-04-23 20:03 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-04-23 20:03 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-04-23 20:03 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-04-23 20:03 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-04-23 20:03 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-04-23 20:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-04-23 20:03 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-04-23 20:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-04-23 20:03 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-04-23 20:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-04-23 19:55 - 2017-04-23 20:05 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-04-23 19:53 - 2017-04-23 19:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dxwebsetup.exe
2017-04-23 02:21 - 2017-04-23 02:21 - 00001889 _____ C:\Users\admin 01\Desktop\JRT.txt
2017-04-23 02:00 - 2017-04-23 02:00 - 00002698 _____ C:\Users\admin 01\Downloads\fixlist.txt
2017-04-22 21:59 - 2017-04-22 22:01 - 00030593 _____ C:\Users\Steve\Downloads\Addition 04-23-17.txt
2017-04-22 21:56 - 2017-04-22 22:01 - 00053479 _____ C:\Users\Steve\Downloads\FRST 04-23-17.txt
2017-04-22 14:20 - 2017-04-22 14:20 - 00000298 _____ C:\Users\admin 01\Documents\eset scan 04-22-17.txt
2017-04-22 08:47 - 2017-04-23 02:08 - 00000000 ____D C:\Users\admin 01\AppData\Local\ESET
2017-04-22 08:45 - 2017-04-22 08:46 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Steve\Desktop\esetonlinescanner_enu.exe
2017-04-22 07:06 - 2017-04-22 07:06 - 00030974 _____ C:\Users\admin 01\Desktop\Addition 04-22-17 7am.txt
2017-04-22 07:05 - 2017-04-22 07:05 - 00053156 _____ C:\Users\admin 01\Desktop\FRST 04-22-17 7am.txt
2017-04-22 04:48 - 2017-04-22 04:50 - 00053156 _____ C:\Users\Steve\Downloads\FRST 04-22-2017.txt
2017-04-21 22:57 - 2017-04-30 06:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MysteryTag
2017-04-21 19:46 - 2017-04-21 19:46 - 00051570 _____ C:\Users\admin 01\Desktop\FRST scan list 04-21-2017 -pm.txt
2017-04-21 19:46 - 2017-04-21 19:46 - 00028177 _____ C:\Users\admin 01\Desktop\Addition scan list 04-21-2017 -pm.txt
2017-04-21 19:40 - 2017-04-21 19:41 - 00028174 _____ C:\Users\admin 01\Desktop\Addition.txt
2017-04-21 19:39 - 2017-04-21 19:41 - 00051570 _____ C:\Users\admin 01\Desktop\FRST.txt
2017-04-21 19:39 - 2017-04-21 19:39 - 00000000 ____D C:\Users\admin 01\Desktop\FRST-OlderVersion
2017-04-21 16:19 - 2017-04-21 16:19 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-04-21 16:18 - 2017-04-21 16:18 - 00013858 _____ C:\Users\admin 01\Downloads\DellSystemDetectLauncher.Application
2017-04-21 04:00 - 2017-04-21 16:27 - 00000000 ____D C:\Users\admin 01\AppData\Local\Deployment
2017-04-21 04:00 - 2017-04-21 04:00 - 00000000 ____D C:\Users\admin 01\AppData\Local\Apps\2.0
2017-04-21 01:49 - 2017-04-21 01:51 - 00201794 _____ C:\TDSSKiller.3.1.0.12_21.04.2017_01.49.14_log.txt
2017-04-21 01:49 - 2017-04-21 01:49 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\ZAM
2017-04-21 00:58 - 2017-04-22 04:44 - 00030971 _____ C:\Users\Steve\Downloads\Addition 04-22-2017 -4am.txt
2017-04-20 18:23 - 2017-04-20 18:24 - 00011740 _____ C:\TDSSKiller.3.1.0.12_20.04.2017_18.23.55_log.txt
2017-04-20 15:04 - 2017-04-20 15:04 - 00003607 _____ C:\Users\Steve\Downloads\FSS.txt
2017-04-20 15:03 - 2017-04-20 15:03 - 00899584 _____ (Farbar) C:\Users\Steve\Downloads\FSS.exe
2017-04-20 13:43 - 2017-04-20 13:43 - 00012288 _____ C:\Users\Steve\{4F1595E9-393D-4B36-B7DF-83AC3A9F0544}
2017-04-20 13:07 - 2017-04-25 07:40 - 00942932 _____ C:\Windows\ntbtlog.txt
2017-04-20 13:03 - 2017-04-20 13:03 - 01663672 _____ (Malwarebytes) C:\Users\admin 01\Downloads\JRT.exe
2017-04-20 13:01 - 2017-04-21 19:39 - 02424832 _____ (Farbar) C:\Users\admin 01\Desktop\FRST64.exe
2017-04-20 13:00 - 2017-04-20 13:00 - 00899584 _____ (Farbar) C:\Users\admin 01\Desktop\FSS.exe
2017-04-20 11:53 - 2017-04-20 11:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DELL-PC-Windows-7-Professional-(64-bit).dat
2017-04-20 11:53 - 2017-04-20 11:53 - 00000000 ____D C:\RegBackup
2017-04-20 11:40 - 2017-04-20 11:40 - 00012288 _____ C:\Users\Steve\{1A89B142-10B6-42E7-9453-20D3E7C3B4BC}
2017-04-20 05:17 - 2017-04-20 05:17 - 00014628 _____ C:\Users\admin 01\Desktop\tweaking- Win Repair - Found Reparse Points.txt
2017-04-20 05:07 - 2017-04-20 05:07 - 00012288 _____ C:\Users\admin 01\{A3C7DC76-9755-497E-BD26-622AEEBC5744}
2017-04-20 04:33 - 2017-04-20 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-20 04:33 - 2017-04-20 04:32 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-20 04:31 - 2017-04-20 04:31 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 04:23 - 2017-04-20 04:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-04-20 04:20 - 2017-04-30 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-20 01:54 - 2017-04-21 00:59 - 00043933 _____ C:\Users\Steve\Downloads\Shortcut.txt
2017-04-19 18:48 - 2017-04-19 18:48 - 00662200 _____ C:\Users\Steve\Downloads\Fixlog 04-19-17.txt
2017-04-16 22:08 - 2017-04-30 06:25 - 00000000 ____D C:\Games
2017-04-13 17:14 - 2017-04-13 17:14 - 00000000 ____D C:\ProgramData\Sophos
2017-04-13 17:13 - 2017-04-13 17:13 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-13 17:13 - 2017-04-13 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-13 17:13 - 2017-04-13 17:13 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-10 01:44 - 2017-04-25 04:49 - 00001523 _____ C:\Users\Steve\Downloads\Fixlog.txt
2017-04-10 01:28 - 2017-04-10 01:29 - 164963416 _____ (Sophos Limited) C:\Users\Steve\Desktop\Sophos Virus Removal Tool.exe
2017-04-08 23:29 - 2017-04-08 23:45 - 00001704 _____ C:\Users\Steve\Desktop\mbam.exe - Shortcut.lnk
2017-04-08 22:57 - 2015-06-06 19:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-08 22:20 - 2017-04-08 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-08 22:07 - 2017-04-08 22:08 - 32824320 _____ (Tweaking.com) C:\Users\admin 01\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-04-08 06:38 - 2017-04-08 06:38 - 00001616 _____ C:\Users\Steve\Desktop\PotPlayerMini.exe - Shortcut.lnk
2017-04-08 06:38 - 2017-04-08 06:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PotPlayerMini
2017-04-08 06:23 - 2017-04-08 06:23 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\PotPlayerMini
2017-04-08 06:13 - 2017-04-08 06:13 - 00001169 _____ C:\Users\admin 01\Desktop\PotPlayer.lnk
2017-04-08 06:13 - 2017-04-08 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-04-08 06:13 - 2017-04-08 06:13 - 00000000 ____D C:\Program Files (x86)\DAUM
2017-04-06 00:39 - 2017-04-06 00:41 - 00003025 _____ C:\Users\Steve\Downloads\Fixlog 04-06.txt
2017-04-05 19:49 - 2017-04-05 19:49 - 00000017 _____ C:\Users\Steve\AppData\Local\resmon.resmoncfg
2017-04-05 13:02 - 2017-04-20 03:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-05 13:01 - 2017-04-20 03:34 - 00000000 ____D C:\Users\admin 01\Desktop\mbar
2017-04-05 12:22 - 2017-04-05 12:22 - 21048104 _____ (Kakao) C:\Users\Steve\Downloads\PotPlayerSetup.exe
2017-04-05 12:19 - 2017-04-05 12:19 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Steve\Downloads\mbar-1.09.3.1001.exe
2017-04-04 21:39 - 2017-04-04 21:39 - 00000000 ____D C:\Program Files (x86)\ffdlls
2017-04-04 16:20 - 2017-04-04 16:21 - 00012436 _____ C:\TDSSKiller.3.1.0.12_04.04.2017_16.20.57_log.txt
2017-04-04 07:27 - 2017-04-04 07:29 - 00554940 _____ C:\TDSSKiller.3.1.0.12_04.04.2017_07.27.38_log.txt
2017-04-04 07:24 - 2017-04-04 07:24 - 00012602 _____ C:\TDSSKiller.3.1.0.12_04.04.2017_07.24.28_log.txt
2017-04-04 05:32 - 2017-04-04 05:32 - 00001987 _____ C:\config.ini
2017-04-04 05:32 - 2017-04-04 05:32 - 00000000 ____D C:\Quarantine
2017-04-04 05:12 - 2017-04-04 05:12 - 04089296 _____ C:\Users\admin 01\Downloads\adwcleaner_6.045.exe
2017-04-02 13:07 - 2017-04-02 13:09 - 07097928 _____ (VS Revo Group ) C:\Users\Steve\Downloads\revosetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-02 06:42 - 2016-11-26 04:43 - 00000000 ____D C:\FRST
2017-05-02 06:41 - 2016-12-03 16:57 - 00000000 ____D C:\Users\Steve\Desktop\tool logs
2017-05-02 06:29 - 2016-12-03 00:09 - 00000000 ____D C:\Users\Steve\Downloads\FRST-OlderVersion
2017-05-02 06:29 - 2016-11-25 18:24 - 02428416 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2017-05-02 06:04 - 2009-07-14 00:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-02 06:04 - 2009-07-14 00:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-02 06:03 - 2009-07-14 01:13 - 00778180 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-02 06:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-02 06:00 - 2017-03-04 04:08 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-05-02 05:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-02 05:38 - 2016-11-24 00:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\vlc
2017-05-02 05:12 - 2016-11-23 08:01 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2017-04-30 15:27 - 2016-12-01 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-29 21:10 - 2016-11-26 17:56 - 00000000 ____D C:\ProgramData\TEMP
2017-04-29 21:08 - 2016-11-26 17:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-04-29 11:21 - 2009-07-14 01:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-27 00:01 - 2016-12-07 01:46 - 00000000 ____D C:\Windows\Minidump
2017-04-26 10:59 - 2016-11-22 00:23 - 00058016 _____ C:\Users\admin 01\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-26 00:15 - 2017-02-17 19:43 - 00025442 _____ C:\Users\Steve\Downloads\MTB.txt
2017-04-25 10:42 - 2016-11-25 05:06 - 00000000 ____D C:\AdwCleaner
2017-04-25 09:05 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-25 09:04 - 2016-11-18 16:14 - 00000000 ____D C:\Windows\CSC
2017-04-25 08:58 - 2009-07-13 22:34 - 00000439 _____ C:\Windows\win.ini
2017-04-25 08:56 - 2016-11-22 19:08 - 00778180 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-25 08:22 - 2016-11-21 22:38 - 00000000 ____D C:\Users\admin 01
2017-04-24 13:50 - 2009-07-13 22:34 - 00002031 _____ C:\Windows\system32\Drivers\etc\hosts_bak_992
2017-04-23 02:21 - 2017-03-28 09:48 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-23 01:56 - 2017-01-18 08:36 - 00000000 ____D C:\Users\admin 01\Desktop\scan logs
2017-04-22 05:28 - 2016-11-23 04:03 - 00000000 ____D C:\Users\admin 01\AppData\Local\ElevatedDiagnostics
2017-04-22 04:46 - 2017-04-01 01:26 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
2017-04-21 19:39 - 2016-11-23 16:57 - 00000000 ____D C:\Users\admin 01\AppData\LocalLow\Mozilla
2017-04-21 17:14 - 2017-04-01 04:44 - 00000000 ____D C:\ProgramData\Dell
2017-04-21 17:01 - 2016-11-22 19:09 - 00000000 ____D C:\Program Files\Intel
2017-04-21 17:01 - 2016-11-22 19:06 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-21 02:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-20 13:43 - 2016-11-23 04:08 - 00000000 ____D C:\Users\Steve
2017-04-20 13:20 - 2009-07-13 22:34 - 00002851 _____ C:\Windows\system32\Drivers\etc\hosts_bak_338
2017-04-20 12:10 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-04-20 11:39 - 2009-07-13 22:34 - 00004929 _____ C:\Windows\system32\Drivers\etc\hosts_bak_9
2017-04-20 04:34 - 2016-11-23 18:41 - 00000000 ____D C:\ProgramData\Oracle
2017-04-20 03:49 - 2017-03-28 09:47 - 00000865 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-20 03:49 - 2017-03-28 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-20 03:49 - 2017-03-28 09:47 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-20 03:24 - 2016-11-25 04:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-20 03:24 - 2016-11-25 04:54 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-16 05:18 - 2016-11-29 18:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Audacity
2017-04-11 15:09 - 2017-01-08 18:22 - 00000000 ____D C:\Program Files\Movie Maker
2017-04-08 22:59 - 2016-12-03 01:16 - 00001623 _____ C:\Users\admin 01\Desktop\DivX Movies.lnk
2017-04-08 22:59 - 2016-12-03 01:14 - 00000000 ____D C:\Program Files (x86)\DivX
2017-04-08 22:59 - 2016-12-03 01:11 - 00000000 ____D C:\ProgramData\DivX
2017-04-08 22:58 - 2016-12-03 01:16 - 00003652 _____ C:\Windows\System32\Tasks\DivXUpdate
2017-04-08 22:58 - 2016-12-03 01:16 - 00001098 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2017-04-08 22:58 - 2016-12-03 01:16 - 00001073 _____ C:\Users\Public\Desktop\DivX Player.lnk
2017-04-08 22:58 - 2016-12-03 01:15 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\DivX
2017-04-08 22:58 - 2016-12-03 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-04-08 22:20 - 2016-11-26 18:07 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-04-08 22:20 - 2016-11-26 18:07 - 00002170 _____ C:\Users\admin 01\Desktop\Tweaking.com - Windows Repair.lnk
2017-04-08 00:57 - 2016-11-26 17:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-04 16:30 - 2016-12-01 15:24 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-04 16:30 - 2016-11-23 08:01 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-04 07:19 - 2017-03-26 14:53 - 00666693 _____ C:\Users\Steve\Downloads\Fixlog 04-04-17.txt
2017-04-03 13:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-24 14:03

==================== End of FRST.txt ============================

 

The Additional scan:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by admin 01 (02-05-2017 06:44:29)
Running from C:\Users\Steve\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-11-22 02:38:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin 01 (S-1-5-21-2391963144-3888246503-2386156485-1000 - Administrator - Enabled) => C:\Users\admin 01
Administrator (S-1-5-21-2391963144-3888246503-2386156485-500 - Administrator - Disabled)
Guest (S-1-5-21-2391963144-3888246503-2386156485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2391963144-3888246503-2386156485-1002 - Limited - Enabled)
Steve (S-1-5-21-2391963144-3888246503-2386156485-1003 - Limited - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC ACM Codec 1.9 (HKLM-x32\...\AACACM) (Version: 1.9 - fccHandler)
AAC ACM Codec x64 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
AC-3 ACM Codec x64 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
ATI Catalyst Install Manager (HKLM\...\{27DBADDC-5CE7-6A3F-C68F-C84CB921ED50}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.3.4 - Foolish IT LLC)
Dell System Detect (HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.230 - DivX, LLC)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.0 - Emsisoft Ltd.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FastStone Image Viewer 6.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.22.0.4178 - Blueberry)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hope Lake (HKLM-x32\...\Hope Lake1.0) (Version: 1.0 - Digital Download)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medford Asylum Paranormal Case (HKLM-x32\...\Medford Asylum Paranormal Case1.0) (Version: 1.0 - Digital Download)
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
PotPlayer (HKLM-x32\...\PotPlayer) (Version:  - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.5.0 - Adlice Software)
ShaderTFX version 1.1 (HKLM\...\ShaderTFX_is1) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C967F7C-7C84-4309-8D6F-7A06C89DA11A} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-03-07] (DivX, LLC)
Task: {29B8E347-353C-4DB5-ACB1-2CEB1557AD89} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {5658ADD1-9AB3-434F-911C-E05E8EF920D2} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {CE334E87-24E3-42DE-81AE-4F26CB8F7214} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00627794.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10193793.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21582439.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35204998.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70523341.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70871810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89598495.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\dell.com -> dell.com

There are 6091 more sites.

IE trusted site: HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\...\dell.com -> dell.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-05-02 06:13 - 00002851 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

There are 11 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AD7882F8-B389-4773-867F-1B9750AC8D3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1EE7F615-8481-46AD-A232-E0DB35737615}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

20-04-2017 04:20:50 Removed Java 8 Update 121
20-04-2017 04:24:18 Removed Java 8 Update 121
23-04-2017 02:01:43 Restore Point Created by FRST
23-04-2017 02:10:56 JRT Pre-Junkware Removal
23-04-2017 20:00:27 Installed DirectX
25-04-2017 04:45:45 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2017 06:12:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1240, time stamp: 0x58e3ee59
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c99e1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0xd1c
Faulting application start time: 0x01d2c32b18cb31b8
Faulting application path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: cc42d29f-2f1f-11e7-b589-842b2bb5c785

Error: (04/28/2017 09:42:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c44

Start Time: 01d2c08983811646

Termination Time: 31

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: 1814ad91-2c7d-11e7-9e3e-842b2bb5c785

Error: (04/28/2017 01:09:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ce0

Start Time: 01d2bfdb73770b81

Termination Time: 47

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: e63398d6-2bd0-11e7-8373-842b2bb5c785

Error: (04/26/2017 08:14:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe0

Start Time: 01d2be86000cb6f9

Termination Time: 32

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: f2225600-2a79-11e7-a768-842b2bb5c785

Error: (04/26/2017 03:20:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d4c

Start Time: 01d2be5c568b3a4e

Termination Time: 46

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: bd025bbd-2a50-11e7-98e3-842b2bb5c785

Error: (04/25/2017 11:16:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FSViewer.exe version 6.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f40

Start Time: 01d2bdd6d8757021

Termination Time: 31

Application Path: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

Report Id: 289bc942-29ca-11e7-9c3d-842b2bb5c785

Error: (04/25/2017 09:05:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/25/2017 09:05:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/25/2017 08:57:01 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Error: (04/25/2017 08:56:46 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.


System errors:
=============
Error: (05/02/2017 05:59:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Color System service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/02/2017 05:59:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Color System service to connect.

Error: (05/02/2017 05:59:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:38:00 AM on ‎5/‎2/‎2017 was unexpected.

Error: (05/02/2017 12:54:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Color System service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/02/2017 12:54:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Color System service to connect.

Error: (05/02/2017 12:53:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:10:24 PM on ‎5/‎1/‎2017 was unexpected.

Error: (05/01/2017 12:37:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Color System service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2017 12:37:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Color System service to connect.

Error: (05/01/2017 12:36:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:07:04 PM on ‎5/‎1/‎2017 was unexpected.

Error: (05/01/2017 02:18:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Color System service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-05-02 06:42:08.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-02 06:30:46.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-02 06:12:42.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-02 05:00:22.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-02 04:52:18.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-02 04:36:40.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-01 17:58:19.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-01 17:48:21.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-01 17:40:20.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-01 14:27:34.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 20%
Total physical RAM: 8118.43 MB
Available physical RAM: 6482.63 MB
Total Virtual: 16236.85 MB
Available Virtual: 13437.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1859.09 GB) (Free:1513.66 GB) NTFS
Drive e: (Safari 2) (Fixed) (Total:931.41 GB) (Free:248.5 GB) NTFS
Drive f: (Mixed Content) (Fixed) (Total:1397.17 GB) (Free:79.23 GB) NTFS
Drive g: (Holiday  n Kids) (Fixed) (Total:465.66 GB) (Free:23.87 GB) NTFS
Drive h: (Music Videos) (Fixed) (Total:1862.92 GB) (Free:75.63 GB) NTFS
Drive m: (Mainstream Movies 1) (Fixed) (Total:1862.92 GB) (Free:4.56 GB) NTFS
Drive r: (Mainstream Movies 2) (Fixed) (Total:1862.98 GB) (Free:0.41 GB) NTFS
Drive s: (Mainstream Movies 4) (Fixed) (Total:3725.9 GB) (Free:1725.15 GB) NTFS
Drive t: (Mainstream Movies 3) (Fixed) (Total:2794.52 GB) (Free:4.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AFEB22B4)
Partition 1: (Active) - (Size=3.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1859.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 9BCBC3C7)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8410C6AD)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 7166786F)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F46F70FC)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: 32D7AEDC)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (Size: 1397.3 GB) (Disk ID: 2B3A3EA6)
Partition 1: (Active) - (Size=1397.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

  Thank You

 

 

 

 

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:50 AM

Posted 02 May 2017 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
 
Please copy the entire contents of the code box below to a new file.
 
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
cmd: netsh winsock reset catalog
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
 
Please let me know what problem persists with this computer.
 
 


#3 chriffan


Posted 02 May 2017 - 11:28 AM

  Hi Nasdaq,

Thanks for the quick reply. Your fixlist had a couple entries I hadn't included on the fixlists I had made previously. After my attempts to clear any infection it would return a day or two after. Hoping your fix will finally get rid of the issues once and for all.

 

Here's the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by admin 01 (02-05-2017 12:08:10) Run:14
Running from C:\Users\Steve\Downloads
Loaded Profiles: admin 01 & Steve (Available Profiles: admin 01 & Steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
cmd: netsh winsock reset catalog
 
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10541843 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 954 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 0 B
LocalService => 960 B
NetworkService => 960 B
admin 01 => 3125606 B
Steve => 2895179 B

RecycleBin => 0 B
EmptyTemp: => 19.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:12:52 ====



#4 chriffan


Posted 03 May 2017 - 06:03 AM

Hi Nasdaq,

I needed to reboot after running the fixlist and, as usual, the computer crashed or screen froze with horizontal lines across the screen. I had to manually shut off the computer and turn it back on. Then I posted the fixlog and shut off the computer, again with the horizontal lines on screen. I went to turn on later in the day and have spent the last 14 hours trying to figure out why I find myself at a startup repair screen that says it can't fix the problem. I then ran sfc, chkdsk and memory diagnostics, all found nothing wrong. I can't get safe mode to work, I get BSOD, but can get into the boot options screen. I then tried to restore from an earlier restore point but it didn't fix the problem. The codes I see on the BSOD are 000007b, 880009a9928, 000034. I have no idea what to do to fix it.

Thank You, Steve

#5 nasdaq


Posted 03 May 2017 - 07:34 AM

 
There could be many reasons for the BSOD.
Read about it.
 
We can possibly find out what is causing this BSOD.
 
Try to run this tool.
Please download the free home edition of WhoCrashed to your Desktop from here and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.
 
Please scroll down the Information window to copy and paste the results in your next reply.


#6 chriffan


Posted 03 May 2017 - 08:03 AM

Sorry,

I can't get Windows to load. Not even safe mode works. I get a blue screen stating I should run startup repair. It can't fix the problem. SFC, chkdsk and memory diagnostic find no issues. I can use startup repair, system restore/repair, boot menu and command prompt. I tried to view services using the command prompt to see if something is disabled that shouldn't be and was unable to. I got a message stating sc is not a valid command. I was using the admin acct. I'm using my wife's Android at present and no other computer available. Any alternate options?

#7 nasdaq


Posted 03 May 2017 - 09:00 AM


Are you able to get to the Windows Recovery Environment?
How to:
https://www.bleepingcomputer.com/tutorials/start-the-windows-7-recovery-environment/#skip

Are any options available to you?
What have you tried?

p.s.
Do you have the Windows 7 installation disk?

#8 chriffan


Posted 03 May 2017 - 10:35 AM

Yes, I can get into the recovery screen. I have, in order, run startup repair 7x, SFC, chkdsk, memory diagnostics, restore from 2 different restore points, and start from last known good configuration. I can get into the BIOS, boot options and F2. Also, tried to view services using a command prompt to see if a virus or malware had disabled anything. As I stated in my original post, system recovery had been disabled. The Startup repair reports problem signature 04: 21198497 and problem signature 06: is 10, if that's any help. No recovery discs and the USB I made doesn't work (I am an admitted novice with computers) and trying to get a Windows 7 repair/restore USB from my wife's co-worker. Safe mode doesn't work and command prompt is available. The system still hangs when I try to shut down and have to manually turn it off. I don't know what to do from here but if there's a way to check other parts of the system with a command prompt, I may get more info(?). Thanks for your help.

#9 nasdaq


Posted 03 May 2017 - 12:37 PM


I suggest you start a new topic in the Windows 7 forum.

https://www.bleepingcomputer.com/forums/f/167/windows-7/

Explain your booting problems. A technician should be able to guide you better than I can.
This is not malware and not my forte.

====

Good luck.

p.s.
"and trying to get a Windows 7 repair/restore USB from my wife's co-worker"
It may not be wise to use this USB at this time. Check with the Tech.

#10 chriffan


Posted 03 May 2017 - 05:44 PM

OK, will do. Thank You for your help, Nasdaq.

#11 chriffan


Posted 05 May 2017 - 06:03 AM

  Nasdaq,

 

I finally got the boot issue fixed. I had to change settings in BIOS to be able to boot my system. Just as a check, I re-ran Farbar and I have some of the same files we removed back again. Should I CCP the scans here, or open a new topic?

 

Regards, Steve
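The post above reports that entries removed by the fixlist came back. As an added example (not part of the thread and not FRST's own code), this script compares the item lines of a fixlist with a later FRST scan and lists which entries reappeared; the function names are hypothetical, and the sample text is copied from the logs posted in this thread.

```python
import re

# Fixlist as posted in reply #2 of this thread.
FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

cmd: netsh winsock reset catalog

End
"""

# Excerpt of the 05-05-2017 FRST.txt rescan posted later in this thread.
RESCAN = r"""Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2391963144-3888246503-2386156485-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
"""


def normalize(line):
    """Canonical form for comparing log lines: drop the attention marker and
    a trailing [size] (ADS entries), collapse whitespace, ignore case."""
    line = re.sub(r"<=+\s*ATTENTION.*$", "", line)
    line = re.sub(r"\s*\[\d+\]\s*$", "", line)
    return " ".join(line.split()).casefold()


def fixlist_items(fixlist_text):
    """Return the scan entries between Start and End, skipping bare
    directives (CreateRestorePoint: etc.) and cmd: lines."""
    items, inside = [], False
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line.casefold() == "start":
            inside = True
            continue
        if line.casefold() == "end":
            break
        if not inside or not line:
            continue
        if line.casefold().startswith("cmd:") or re.fullmatch(r"\w+:", line):
            continue
        items.append(line)
    return items


def category(item):
    """Coarse grouping used only for the report."""
    if item.startswith("Winsock:"):
        return "winsock"
    if item.startswith("AlternateDataStreams:"):
        return "ads"
    if re.match(r"HK(?:LM|U)\\", item):
        return "registry"
    return "other"


def recheck(fixlist_text, rescan_text):
    """Split fixlist entries into those present again in the rescan text
    and those not seen in it. Each result is a list of (category, entry)."""
    seen = {normalize(l) for l in rescan_text.splitlines() if l.strip()}
    returned, absent = [], []
    for item in fixlist_items(fixlist_text):
        target = returned if normalize(item) in seen else absent
        target.append((category(item), item))
    return returned, absent


if __name__ == "__main__":
    returned, absent = recheck(FIXLIST, RESCAN)
    for cat, item in returned:
        print(f"RETURNED  [{cat}] {item}")
    for cat, item in absent:
        print(f"not seen  [{cat}] {item}")
```

"Not seen" only means the entry is missing from the text supplied: FRST reports alternate data streams in Addition.txt, so that log has to be passed in as well before concluding the stream is gone.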



#12 nasdaq


Posted 05 May 2017 - 08:33 AM

Run the Farbar tool one more time.
Make sure the box to create an Addition.txt file is checked. This will replace the old version.

Post both logs for my review.

#13 chriffan


Posted 05 May 2017 - 08:55 AM

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-05-2017
Ran by admin 01 (administrator) on DELL-PC (05-05-2017 09:31:04)
Running from C:\Users\Steve\Downloads
Loaded Profiles: admin 01 & Steve (Available Profiles: admin 01 & Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046488 2017-03-16] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2017-02-09] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\Run: [DellSystemDetect] => C:\Users\admin 01\AppData\Local\Apps\2.0\Q0C5R2QR.XRA\G46JO22C.HVE\dell..tion_831211ca63b981c5_0008.0004_3d463ceeb98aa2c1\DellSystemDetect.exe [313264 2017-04-21] (Dell)
HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{0EFCFF68-24F7-49E7-8C23-5D8C3CFD651B}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2391963144-3888246503-2386156485-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: p5xrxrcp.default
FF ProfilePath: C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default [2017-05-05]
FF Extension: (Adguard AdBlocker) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\adguardadblocker@adguard.com.xpi [2017-04-04]
FF Extension: (YouTube Plus) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\particle@particlecore.github.io.xpi [2017-04-04]
FF Extension: (Save File to) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\savefileto@mozdev.org.xpi [2017-04-04]
FF Extension: (uBlock Origin) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\uBlock0@raymondhill.net.xpi [2017-04-04]
FF Extension: (FlashGot) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-04-04]
FF Extension: (Bluhell Firewall) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2017-04-04]
FF Extension: (NoScript) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-04]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-04-04]
FF Extension: (Adblock Plus) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-04]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\features\{bddbd687-cb69-4ae7-aac5-63dbe6cb620b}\disable-cert-transparency@mozilla.org.xpi [2017-04-20]
FF Extension: (Disable Prefetch) - C:\Users\admin 01\AppData\Roaming\Mozilla\Firefox\Profiles\p5xrxrcp.default\features\{bddbd687-cb69-4ae7-aac5-63dbe6cb620b}\disable-prefetch@mozilla.org.xpi [2017-04-20]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-03-16] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-11] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8147528 2017-04-24] (Emsisoft Ltd)
R3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [688792 2017-04-11] (Foolish IT LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-05 09:26 - 2017-05-05 09:27 - 04958280 _____ (Resplendence Software Projects Sp. ) C:\Users\Steve\Desktop\whocrashedSetup.exe
2017-05-05 09:23 - 2017-05-05 09:23 - 00002883 _____ C:\Users\admin 01\Desktop\Junkkware Removal T 05-05-17.txt
2017-05-05 08:37 - 2017-05-05 08:37 - 04102600 _____ C:\Users\Steve\Downloads\adwcleaner_6.046.exe
2017-05-05 07:43 - 2017-05-05 07:43 - 35354672 _____ (Adlice Software ) C:\Users\Steve\Downloads\setup.exe
2017-05-05 07:39 - 2017-05-05 07:39 - 35354672 _____ (Adlice Software ) C:\Users\admin 01\Downloads\setup.exe
2017-05-02 06:12 - 2017-05-02 12:44 - 00000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2017-04-30 06:38 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hope Lake
2017-04-30 06:38 - 2017-04-30 06:38 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Hope Lake.lnk
2017-04-30 06:38 - 2017-04-30 06:38 - 00001578 _____ C:\Users\Public\Desktop\Hope Lake.lnk
2017-04-30 06:27 - 2017-05-05 05:36 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hope Lake
2017-04-30 06:27 - 2017-04-30 06:27 - 00001602 _____ C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Hope Lake.lnk
2017-04-30 06:27 - 2017-04-30 06:27 - 00001578 _____ C:\Users\admin 01\Desktop\Hope Lake.lnk
2017-04-25 09:10 - 2017-05-05 01:57 - 00058016 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-24 06:04 - 2017-04-24 06:04 - 00024448 _____ C:\Users\Steve\Downloads\Addition 04-24-17 -6am.txt
2017-04-24 06:00 - 2017-04-24 06:00 - 00050367 _____ C:\Users\Steve\Downloads\FRST 04-24-17 -6am.txt
2017-04-24 05:48 - 2017-05-05 06:44 - 00030472 _____ C:\Users\Steve\Downloads\Addition.txt
2017-04-24 05:46 - 2017-05-05 09:31 - 00009890 _____ C:\Users\Steve\Downloads\FRST.txt
2017-04-24 05:42 - 2017-04-25 09:41 - 00003946 _____ C:\Users\admin 01\Desktop\Rkill.txt
2017-04-23 20:16 - 2017-04-25 16:34 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Hidden Objects MedfordAsylum
2017-04-23 19:55 - 2017-04-23 20:05 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-04-23 19:53 - 2017-04-23 19:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dxwebsetup.exe
2017-04-23 19:15 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medford Asylum Paranormal Case
2017-04-23 19:15 - 2017-04-23 19:15 - 00001808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Medford Asylum Paranormal Case.lnk
2017-04-23 19:15 - 2017-04-23 19:15 - 00001802 _____ C:\Users\Public\Desktop\Medford Asylum Paranormal Case.lnk
2017-04-23 02:21 - 2017-05-05 09:21 - 00002883 _____ C:\Users\admin 01\Desktop\JRT.txt
2017-04-23 02:00 - 2017-04-23 02:00 - 00002698 _____ C:\Users\admin 01\Downloads\fixlist.txt
2017-04-22 21:59 - 2017-04-22 22:01 - 00030593 _____ C:\Users\Steve\Downloads\Addition 04-23-17.txt
2017-04-22 21:56 - 2017-04-22 22:01 - 00053479 _____ C:\Users\Steve\Downloads\FRST 04-23-17.txt
2017-04-22 14:20 - 2017-04-22 14:20 - 00000298 _____ C:\Users\admin 01\Documents\eset scan 04-22-17.txt
2017-04-22 08:47 - 2017-04-23 02:08 - 00000000 ____D C:\Users\admin 01\AppData\Local\ESET
2017-04-22 08:45 - 2017-04-22 08:46 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Steve\Desktop\esetonlinescanner_enu.exe
2017-04-22 07:06 - 2017-04-22 07:06 - 00030974 _____ C:\Users\admin 01\Desktop\Addition 04-22-17 7am.txt
2017-04-22 07:05 - 2017-04-22 07:05 - 00053156 _____ C:\Users\admin 01\Desktop\FRST 04-22-17 7am.txt
2017-04-22 04:48 - 2017-04-22 04:50 - 00053156 _____ C:\Users\Steve\Downloads\FRST 04-22-2017.txt
2017-04-21 22:57 - 2017-04-30 06:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MysteryTag
2017-04-21 19:54 - 2017-04-21 20:02 - 00000777 _____ C:\Users\admin 01\Desktop\potential fixlist.txt
2017-04-21 19:46 - 2017-04-21 19:46 - 00051570 _____ C:\Users\admin 01\Desktop\FRST scan list 04-21-2017 -pm.txt
2017-04-21 19:46 - 2017-04-21 19:46 - 00028177 _____ C:\Users\admin 01\Desktop\Addition scan list 04-21-2017 -pm.txt
2017-04-21 19:40 - 2017-04-21 19:41 - 00028174 _____ C:\Users\admin 01\Desktop\Addition.txt
2017-04-21 19:39 - 2017-05-05 05:36 - 00000000 ____D C:\Users\admin 01\Desktop\FRST-OlderVersion
2017-04-21 19:39 - 2017-04-21 19:41 - 00051570 _____ C:\Users\admin 01\Desktop\FRST.txt
2017-04-21 16:19 - 2017-05-05 05:36 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-04-21 16:18 - 2017-04-21 16:18 - 00013858 _____ C:\Users\admin 01\Downloads\DellSystemDetectLauncher.Application
2017-04-21 04:00 - 2017-05-05 05:21 - 00000000 ____D C:\Users\admin 01\AppData\Local\Apps\2.0
2017-04-21 04:00 - 2017-04-21 16:27 - 00000000 ____D C:\Users\admin 01\AppData\Local\Deployment
2017-04-21 01:49 - 2017-04-21 01:51 - 00201794 _____ C:\TDSSKiller.3.1.0.12_21.04.2017_01.49.14_log.txt
2017-04-21 01:49 - 2017-04-21 01:49 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\ZAM
2017-04-21 00:58 - 2017-04-22 04:44 - 00030971 _____ C:\Users\Steve\Downloads\Addition 04-22-2017 -4am.txt
2017-04-20 18:23 - 2017-04-20 18:24 - 00011740 _____ C:\TDSSKiller.3.1.0.12_20.04.2017_18.23.55_log.txt
2017-04-20 15:04 - 2017-04-20 15:04 - 00003607 _____ C:\Users\Steve\Downloads\FSS.txt
2017-04-20 15:03 - 2017-04-20 15:03 - 00899584 _____ (Farbar) C:\Users\Steve\Downloads\FSS.exe
2017-04-20 13:43 - 2017-04-20 13:43 - 00012288 _____ C:\Users\Steve\{4F1595E9-393D-4B36-B7DF-83AC3A9F0544}
2017-04-20 13:07 - 2017-04-25 07:40 - 00942932 _____ C:\Windows\ntbtlog.txt
2017-04-20 13:03 - 2017-04-20 13:03 - 01663672 _____ (Malwarebytes) C:\Users\admin 01\Downloads\JRT.exe
2017-04-20 13:01 - 2017-04-21 19:39 - 02424832 _____ (Farbar) C:\Users\admin 01\Desktop\FRST64.exe
2017-04-20 13:00 - 2017-04-20 13:00 - 00899584 _____ (Farbar) C:\Users\admin 01\Desktop\FSS.exe
2017-04-20 11:53 - 2017-04-20 11:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DELL-PC-Windows-7-Professional-(64-bit).dat
2017-04-20 11:53 - 2017-04-20 11:53 - 00000000 ____D C:\RegBackup
2017-04-20 11:40 - 2017-04-20 11:40 - 00012288 _____ C:\Users\Steve\{1A89B142-10B6-42E7-9453-20D3E7C3B4BC}
2017-04-20 05:17 - 2017-04-20 05:17 - 00014628 _____ C:\Users\admin 01\Desktop\tweaking- Win Repair - Found Reparse Points.txt
2017-04-20 05:07 - 2017-04-20 05:07 - 00012288 _____ C:\Users\admin 01\{A3C7DC76-9755-497E-BD26-622AEEBC5744}
2017-04-20 04:33 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-20 04:33 - 2017-04-20 04:32 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-20 04:31 - 2017-04-20 04:31 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 04:23 - 2017-04-20 04:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-04-20 04:20 - 2017-05-05 05:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-20 01:54 - 2017-04-21 00:59 - 00043933 _____ C:\Users\Steve\Downloads\Shortcut.txt
2017-04-19 18:48 - 2017-04-19 18:48 - 00662200 _____ C:\Users\Steve\Downloads\Fixlog 04-19-17.txt
2017-04-16 22:08 - 2017-05-05 05:21 - 00000000 ____D C:\Games
2017-04-13 17:14 - 2017-05-05 05:21 - 00000000 ____D C:\ProgramData\Sophos
2017-04-13 17:13 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-13 17:13 - 2017-04-13 17:13 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-13 17:13 - 2017-04-13 17:13 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-10 01:44 - 2017-05-02 12:12 - 00003239 _____ C:\Users\Steve\Downloads\Fixlog.txt
2017-04-10 01:28 - 2017-04-10 01:29 - 164963416 _____ (Sophos Limited) C:\Users\Steve\Desktop\Sophos Virus Removal Tool.exe
2017-04-08 23:29 - 2017-04-08 23:45 - 00001704 _____ C:\Users\Steve\Desktop\mbam.exe - Shortcut.lnk
2017-04-08 22:57 - 2015-06-06 19:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-08 22:57 - 2015-06-06 19:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-08 22:20 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-08 22:07 - 2017-04-08 22:08 - 32824320 _____ (Tweaking.com) C:\Users\admin 01\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-04-08 06:38 - 2017-04-08 06:38 - 00001616 _____ C:\Users\Steve\Desktop\PotPlayerMini.exe - Shortcut.lnk
2017-04-08 06:38 - 2017-04-08 06:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PotPlayerMini
2017-04-08 06:23 - 2017-04-08 06:23 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\PotPlayerMini
2017-04-08 06:13 - 2017-05-05 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-04-08 06:13 - 2017-04-08 06:13 - 00001169 _____ C:\Users\admin 01\Desktop\PotPlayer.lnk
2017-04-08 06:13 - 2017-04-08 06:13 - 00000000 ____D C:\Program Files (x86)\DAUM
2017-04-06 00:39 - 2017-04-06 00:41 - 00003025 _____ C:\Users\Steve\Downloads\Fixlog 04-06.txt
2017-04-05 19:49 - 2017-04-05 19:49 - 00000017 _____ C:\Users\Steve\AppData\Local\resmon.resmoncfg
2017-04-05 13:02 - 2017-04-20 03:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-05 13:01 - 2017-05-05 05:36 - 00000000 ____D C:\Users\admin 01\Desktop\mbar
2017-04-05 12:53 - 2017-04-05 12:53 - 00000000 ____D C:\Users\Steve\AppData\Local\Zemana
2017-04-05 12:51 - 2017-04-21 17:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-04-05 12:51 - 2017-04-21 03:27 - 00041326 _____ C:\Windows\ZAM.krnl.trace
2017-04-05 12:51 - 2017-04-21 03:27 - 00009099 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-04-05 12:50 - 2017-05-05 05:21 - 00000000 ____D C:\Users\admin 01\AppData\Local\Zemana
2017-04-05 12:22 - 2017-04-05 12:22 - 21048104 _____ (Kakao) C:\Users\Steve\Downloads\PotPlayerSetup.exe
2017-04-05 12:19 - 2017-04-05 12:19 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Steve\Downloads\mbar-1.09.3.1001.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-05 09:31 - 2016-11-26 04:43 - 00000000 ____D C:\FRST
2017-05-05 09:30 - 2016-12-03 00:09 - 00000000 ____D C:\Users\Steve\Downloads\FRST-OlderVersion
2017-05-05 09:30 - 2016-11-25 18:24 - 02429440 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2017-05-05 09:23 - 2016-11-23 08:01 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2017-05-05 09:09 - 2016-11-25 05:06 - 00000000 ____D C:\AdwCleaner
2017-05-05 08:39 - 2017-03-04 04:08 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-05-05 07:46 - 2017-03-28 09:48 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-05 07:45 - 2017-03-28 09:47 - 00000865 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-05 07:45 - 2017-03-28 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-05 07:45 - 2017-03-28 09:47 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-05 07:39 - 2016-11-23 16:57 - 00000000 ____D C:\Users\admin 01\AppData\LocalLow\Mozilla
2017-05-05 06:43 - 2009-07-14 00:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-05 06:43 - 2009-07-14 00:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-05 06:42 - 2009-07-14 01:13 - 00778180 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-05 06:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-05 06:40 - 2016-11-21 22:38 - 00000000 ____D C:\Users\admin 01
2017-05-05 06:37 - 2016-11-23 04:08 - 00000000 ____D C:\Users\Steve
2017-05-05 06:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-05 06:36 - 2017-03-04 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-05-05 06:36 - 2016-11-26 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-05-05 06:36 - 2016-11-23 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2017-05-05 05:39 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-05 05:39 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2017-05-05 05:39 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-05-05 05:39 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-05 05:39 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2017-05-05 05:39 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2017-05-05 05:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2017-05-05 05:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-05-05 05:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2017-05-05 05:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-05 05:37 - 2017-01-08 17:56 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-05 05:37 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2017-05-05 05:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-05 05:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2017-05-05 05:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2017-05-05 05:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2017-05-05 05:36 - 2017-03-28 09:47 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-05 05:36 - 2017-01-18 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2017-05-05 05:36 - 2017-01-13 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software
2017-05-05 05:36 - 2017-01-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2017-05-05 05:36 - 2017-01-02 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2017-05-05 05:36 - 2016-12-06 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
2017-05-05 05:36 - 2016-12-04 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2017-05-05 05:36 - 2016-12-03 01:15 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\DivX
2017-05-05 05:36 - 2016-12-03 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-05-05 05:36 - 2016-12-03 01:11 - 00000000 ____D C:\ProgramData\DivX
2017-05-05 05:36 - 2016-12-01 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 05:36 - 2016-11-29 12:52 - 00000000 ____D C:\Users\Steve\AppData\Roaming\dvdcss
2017-05-05 05:36 - 2016-11-26 18:07 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-05 05:36 - 2016-11-26 17:56 - 00000000 ____D C:\ProgramData\Licenses
2017-05-05 05:36 - 2016-11-26 17:55 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-05 05:36 - 2016-11-26 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-05 05:36 - 2016-11-25 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoPrevent
2017-05-05 05:36 - 2016-11-25 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-05-05 05:36 - 2016-11-24 08:29 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\vlc
2017-05-05 05:36 - 2016-11-24 00:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\vlc
2017-05-05 05:36 - 2016-11-22 19:12 - 00000000 ____D C:\Users\admin 01\Downloads\Intel Components
2017-05-05 05:36 - 2016-11-22 19:11 - 00000000 ____D C:\Users\admin 01\AppData\Local\Intel
2017-05-05 05:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-05-05 05:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-05-05 05:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2017-05-05 05:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2017-05-05 05:24 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-05 05:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2017-05-05 05:21 - 2016-11-26 17:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-05 05:21 - 2016-11-25 05:02 - 00000000 ____D C:\ProgramData\Foolish IT
2017-05-05 05:21 - 2016-11-25 04:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-05 05:21 - 2016-11-23 18:41 - 00000000 ____D C:\Users\admin 01\AppData\LocalLow\Sun
2017-05-05 05:21 - 2016-11-23 18:41 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 05:21 - 2016-11-23 16:57 - 00000000 ____D C:\Users\admin 01\AppData\Roaming\Mozilla
2017-05-05 05:21 - 2016-11-23 08:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Mozilla
2017-05-05 05:21 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\MSBuild
2017-05-05 05:21 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-05 03:31 - 2017-04-01 01:26 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
2017-05-02 06:41 - 2016-12-03 16:57 - 00000000 ____D C:\Users\Steve\Desktop\tool logs
2017-04-29 21:10 - 2016-11-26 17:56 - 00000000 ____D C:\ProgramData\TEMP
2017-04-29 21:08 - 2016-11-26 17:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-04-29 11:21 - 2009-07-14 01:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-27 00:01 - 2016-12-07 01:46 - 00000000 ____D C:\Windows\Minidump
2017-04-26 10:59 - 2016-11-22 00:23 - 00058016 _____ C:\Users\admin 01\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-26 00:15 - 2017-02-17 19:43 - 00025442 _____ C:\Users\Steve\Downloads\MTB.txt
2017-04-25 09:05 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-25 09:04 - 2016-11-18 16:14 - 00000000 ____D C:\Windows\CSC
2017-04-25 08:58 - 2009-07-13 22:34 - 00000439 _____ C:\Windows\win.ini
2017-04-25 08:56 - 2016-11-22 19:08 - 00778180 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-24 13:50 - 2009-07-13 22:34 - 00002031 _____ C:\Windows\system32\Drivers\etc\hosts_bak_992
2017-04-23 01:56 - 2017-01-18 08:36 - 00000000 ____D C:\Users\admin 01\Desktop\scan logs
2017-04-22 05:28 - 2016-11-23 04:03 - 00000000 ____D C:\Users\admin 01\AppData\Local\ElevatedDiagnostics
2017-04-21 17:14 - 2017-04-01 04:44 - 00000000 ____D C:\ProgramData\Dell
2017-04-21 17:01 - 2016-11-22 19:09 - 00000000 ____D C:\Program Files\Intel
2017-04-21 17:01 - 2016-11-22 19:06 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-20 13:20 - 2009-07-13 22:34 - 00002851 _____ C:\Windows\system32\Drivers\etc\hosts_bak_338
2017-04-20 12:10 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-04-20 11:39 - 2009-07-13 22:34 - 00004929 _____ C:\Windows\system32\Drivers\etc\hosts_bak_9
2017-04-20 03:24 - 2016-11-25 04:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-20 03:24 - 2016-11-25 04:54 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-16 05:18 - 2016-11-29 18:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Audacity
2017-04-11 15:09 - 2017-01-08 18:22 - 00000000 ____D C:\Program Files\Movie Maker
2017-04-08 22:59 - 2016-12-03 01:16 - 00001623 _____ C:\Users\admin 01\Desktop\DivX Movies.lnk
2017-04-08 22:59 - 2016-12-03 01:14 - 00000000 ____D C:\Program Files (x86)\DivX
2017-04-08 22:58 - 2016-12-03 01:16 - 00003652 _____ C:\Windows\System32\Tasks\DivXUpdate
2017-04-08 22:58 - 2016-12-03 01:16 - 00001098 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2017-04-08 22:58 - 2016-12-03 01:16 - 00001073 _____ C:\Users\Public\Desktop\DivX Player.lnk
2017-04-08 22:20 - 2016-11-26 18:07 - 00003658 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-04-08 22:20 - 2016-11-26 18:07 - 00002170 _____ C:\Users\admin 01\Desktop\Tweaking.com - Windows Repair.lnk
2017-04-08 00:57 - 2016-11-26 17:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

Some files in TEMP:
====================
2017-05-05 07:36 - 2017-02-09 12:33 - 1732864 _____ (Microsoft Corporation) C:\Users\admin 01\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-24 14:03

==================== End of FRST.txt ============================

and the Additional scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017
Ran by admin 01 (05-05-2017 09:33:30)
Running from C:\Users\Steve\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-11-22 02:38:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin 01 (S-1-5-21-2391963144-3888246503-2386156485-1000 - Administrator - Enabled) => C:\Users\admin 01
Administrator (S-1-5-21-2391963144-3888246503-2386156485-500 - Administrator - Disabled)
Guest (S-1-5-21-2391963144-3888246503-2386156485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2391963144-3888246503-2386156485-1002 - Limited - Enabled)
Steve (S-1-5-21-2391963144-3888246503-2386156485-1003 - Limited - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC ACM Codec 1.9 (HKLM-x32\...\AACACM) (Version: 1.9 - fccHandler)
AAC ACM Codec x64 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
AC-3 ACM Codec x64 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
ATI Catalyst Install Manager (HKLM\...\{27DBADDC-5CE7-6A3F-C68F-C84CB921ED50}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.3.4 - Foolish IT LLC)
Dell System Detect (HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.230 - DivX, LLC)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.0 - Emsisoft Ltd.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FastStone Image Viewer 6.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.22.0.4178 - Blueberry)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hope Lake (HKLM-x32\...\Hope Lake1.0) (Version: 1.0 - Digital Download)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medford Asylum Paranormal Case (HKLM-x32\...\Medford Asylum Paranormal Case1.0) (Version: 1.0 - Digital Download)
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
PotPlayer (HKLM-x32\...\PotPlayer) (Version:  - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.7.0 - Adlice Software)
ShaderTFX version 1.1 (HKLM\...\ShaderTFX_is1) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C967F7C-7C84-4309-8D6F-7A06C89DA11A} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-03-07] (DivX, LLC)
Task: {29B8E347-353C-4DB5-ACB1-2CEB1557AD89} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {5658ADD1-9AB3-434F-911C-E05E8EF920D2} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {CE334E87-24E3-42DE-81AE-4F26CB8F7214} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00627794.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10193793.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21582439.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35204998.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70523341.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70871810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89598495.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\...\dell.com -> dell.com

There are 6091 more sites.

IE trusted site: HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\...\dell.com -> dell.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-05-02 06:13 - 00002851 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

There are 11 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin 01\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2391963144-3888246503-2386156485-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AD7882F8-B389-4773-867F-1B9750AC8D3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1EE7F615-8481-46AD-A232-E0DB35737615}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

23-04-2017 02:01:43 Restore Point Created by FRST
23-04-2017 02:10:56 JRT Pre-Junkware Removal
23-04-2017 20:00:27 Installed DirectX
25-04-2017 04:45:45 Restore Point Created by FRST
02-05-2017 12:08:13 Restore Point Created by FRST
05-05-2017 00:52:29 Restore Operation
05-05-2017 09:10:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2017 09:13:21 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001F0,0x00530194,0000000000000000,0,000000000030E020,4096,[0]).


Operation:
   Query Shadow Copies

Error: (05/05/2017 08:34:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TeamAgent.dll, version: 21.1.21.0, time stamp: 0x57b60194
Exception code: 0xc0000005
Fault offset: 0x0000000000068bb2
Faulting process id: 0x33c
Faulting application start time: 0x01d2c59be6ed4486
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Intel\NCS2\Agent\TeamAgent.dll
Report Id: 2b6d0170-318f-11e7-a9a0-842b2bb5c785

Error: (05/05/2017 05:19:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/02/2017 06:12:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1240, time stamp: 0x58e3ee59
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c99e1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0xd1c
Faulting application start time: 0x01d2c32b18cb31b8
Faulting application path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: cc42d29f-2f1f-11e7-b589-842b2bb5c785

Error: (04/28/2017 09:42:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c44

Start Time: 01d2c08983811646

Termination Time: 31

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: 1814ad91-2c7d-11e7-9e3e-842b2bb5c785

Error: (04/28/2017 01:09:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ce0

Start Time: 01d2bfdb73770b81

Termination Time: 47

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: e63398d6-2bd0-11e7-8373-842b2bb5c785

Error: (04/26/2017 08:14:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe0

Start Time: 01d2be86000cb6f9

Termination Time: 32

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: f2225600-2a79-11e7-a768-842b2bb5c785

Error: (04/26/2017 03:20:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d4c

Start Time: 01d2be5c568b3a4e

Termination Time: 46

Application Path: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Report Id: bd025bbd-2a50-11e7-98e3-842b2bb5c785

Error: (04/25/2017 11:16:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FSViewer.exe version 6.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f40

Start Time: 01d2bdd6d8757021

Termination Time: 31

Application Path: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

Report Id: 289bc942-29ca-11e7-9c3d-842b2bb5c785

Error: (04/25/2017 09:05:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (05/05/2017 06:37:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Color System service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/05/2017 06:37:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Color System service to connect.

Error: (05/05/2017 05:18:14 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/05/2017 05:17:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/05/2017 05:17:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/05/2017 05:17:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/05/2017 05:17:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/05/2017 05:17:14 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/05/2017 05:17:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
discache
epp
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (05/05/2017 05:17:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-05-05 09:30:37.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 09:24:04.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 09:09:55.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 08:36:11.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 07:36:17.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 07:19:58.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 07:06:58.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 06:45:21.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 04:05:45.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-05 03:43:08.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 32%
Total physical RAM: 8118.43 MB
Available physical RAM: 5482.95 MB
Total Virtual: 16236.85 MB
Available Virtual: 13103.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1859.09 GB) (Free:1514.66 GB) NTFS
Drive f: (Mixed Content) (Fixed) (Total:1397.17 GB) (Free:75.06 GB) NTFS
Drive g: (Holiday  n Kids) (Fixed) (Total:465.66 GB) (Free:23.87 GB) NTFS
Drive h: (Music Videos) (Fixed) (Total:1862.92 GB) (Free:75.63 GB) NTFS
Drive m: (Mainstream Movies 1) (Fixed) (Total:1862.92 GB) (Free:4.56 GB) NTFS
Drive r: (Mainstream Movies 2) (Fixed) (Total:1862.98 GB) (Free:0.41 GB) NTFS
Drive s: (Mainstream Movies 4) (Fixed) (Total:3725.9 GB) (Free:1713.01 GB) NTFS
Drive t: (Mainstream Movies 3) (Fixed) (Total:2794.52 GB) (Free:4.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AFEB22B4)
Partition 1: (Active) - (Size=3.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1859.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 9BCBC3C7)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 7166786F)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F46F70FC)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 6 (Size: 1397.3 GB) (Disk ID: 2B3A3EA6)
Partition 1: (Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8410C6AD)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

In the last fixlog I noticed an entry I'm concerned about and wonder if it could be malware related or partially responsible for the boot issues I experienced.

   ========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 

Thanks again for your help



#14 nasdaq


Posted 05 May 2017 - 01:35 PM


Do this fix one more time. Post the Fixlog.txt for my review.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
cmd: netsh winsock reset catalog

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#15 chriffan


Posted 05 May 2017 - 09:20 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017
Ran by admin 01 (05-05-2017 22:00:48) Run:15
Running from C:\Users\Steve\Downloads
Loaded Profiles: admin 01 & Steve (Available Profiles: admin 01 & Steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
cmd: netsh winsock reset catalog

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2391963144-3888246503-2386156485-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:03:47 ====

 

The computer froze again on the "shutting down" screen and I had to manually shut it down, then again to restart.

 

Steve





