RKill : ZEROACCESS rootkit symptoms found!


This topic is locked
28 replies to this topic

#1 teresachristy5

Posted 20 May 2017 - 06:04 PM

My computer has been acting a bit oddly for the past couple of weeks. I usually just suck it up and deal with it, but lately, my shockwave plugin has been crashing. My computer has been freezing. My browser seems to be connecting slower than normal. Streaming movies will stop and buffer even though it shows they are loaded. I had my daughter look at the computer. She ran RKill and this was the log.

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/20/2017 06:59:44 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\ [ZA Dir]
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\@ [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\L\ [ZA Dir]
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\L\00000004.@ [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\L\201d3dde [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\U\ [ZA Dir]
 
Checking Windows Service Integrity: 
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/20/2017 07:00:38 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)
 
 
I have read the preparation post and done as requested. The following is the FRST log.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by bill (administrator) on CHRISTY-PC (20-05-2017 18:54:35)
Running from C:\Users\bill\Downloads
Loaded Profiles: Teresa & bill & diablo (Available Profiles: Teresa & bill & diablo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-07] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\...\Run: [Google Update] => C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {394af56d-0c65-11e2-90a7-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {4dc2df49-7c42-11e1-9142-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {880b8740-f010-11e2-ac8f-806e6f6e6963} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {8cc70b41-f85a-11e2-beb6-806e6f6e6963} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {c98f28ea-b11a-11e4-8844-c89cdca4785c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46f6e-a9d9-11e4-8012-c89cdca4785c} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46fa9-a9d9-11e4-8012-c89cdca4785c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-43797885-4047640243-3447395773-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-43797885-4047640243-3447395773-1002] => http=127.0.0.1:50444;https=127.0.0.1:50444
Winsock: Catalog5 01 mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{274CD07B-E536-4377-85DD-CA653E3D3CF9}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D6AAC21F-A3C6-4CFF-81C3-42552D287C5D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131397850551111443&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-43797885-4047640243-3447395773-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131397850554221621&GUID=00000000-0000-0000-0000-000000000000
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> Default = {7d139a74-4e4b-d0d4-6dc7-30168d640ee9}
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - FCToolbarURLSearchHook Class - {7d139a74-4e4b-d0d4-6dc7-30168d640ee9} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - Guppy Media\Helper.dll ()
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> DefaultScope {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL = 
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2C41CACA-65C8-4956-BABC-46118C03EE35}&mid=85ae249d753c47d0ad1e19d59a4091af-a79cbb5dcdb1e31c5dd9b01c280237268f8e7523&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2015-09-10 19:54:42&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: FBDownloader BHO -> {553318DA-D010-469E-84B1-496563CAE1BF} -> C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll [2012-05-25] (HTTO Group, Ltd)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-12-22] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} -  No File
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [fbdownloader@KMcore] - C:\Program Files (x86)\SDIV 2.0\Lib\xpi
FF Extension: (fbdownloader) - C:\Program Files (x86)\SDIV 2.0\Lib\xpi [2012-05-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Teresa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Teresa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\bill\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default [2017-05-20]
CHR Extension: (Google Drive) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Spelunky) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogggnbbinagpdjpnmfihhgdlogfdmdko [2016-09-29]
CHR Extension: (Gmail) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\bill\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [pollkeobaahnbmpcgombjfibedabcddd] - C:\Program Files (x86)\SDIV 2.0\Lib\FBDownloader.crx [2012-05-24]
StartMenuInternet: Google Chrome.Teresa - C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
S2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360400 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [204704 2015-07-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [249296 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-11-07] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-25] (REALiX™)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2016-12-22] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-03-29] (IObit.com)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [70672 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUWFLT; C:\Windows\System32\DRIVERS\PTDUWFLT.sys [12688 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [141840 2009-08-12] (DEVGURU Co., LTD.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-11-03] (IObit.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-20 18:54 - 2017-05-20 18:55 - 00022318 _____ C:\Users\bill\Downloads\FRST.txt
2017-05-20 18:54 - 2017-05-20 18:54 - 00000000 ____D C:\FRST
2017-05-20 18:53 - 2017-05-20 18:53 - 02429952 _____ (Farbar) C:\Users\bill\Downloads\FRST64.exe
2017-05-20 18:30 - 2017-05-20 18:30 - 00002504 _____ C:\Users\bill\Desktop\Rkill.txt
2017-05-20 18:01 - 2017-05-20 18:15 - 152426840 _____ C:\Users\bill\Downloads\l8k4dykk.exe
2017-05-20 17:59 - 2017-05-20 17:59 - 00000000 ____D C:\Users\bill\Doctor Web
2017-05-20 17:32 - 2017-05-20 17:59 - 149014104 _____ C:\Users\bill\Downloads\cureit.exe
2017-05-20 17:28 - 2017-05-20 17:29 - 16778594 _____ C:\Users\bill\Downloads\drweb-11.1.1-ss-android.apk
2017-05-20 17:16 - 2017-05-20 17:16 - 00448512 _____ (OldTimer Tools) C:\Users\bill\Downloads\TFC.exe
2017-05-20 17:00 - 2017-05-20 17:00 - 00000000 ____D C:\Users\Teresa\AppData\Local\AVG Web TuneUp
2017-05-20 16:58 - 2017-05-20 16:58 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_diablo
2017-05-20 16:58 - 2017-05-20 16:58 - 00000000 ____D C:\Users\diablo\AppData\LocalLow\IObit
2017-05-20 16:36 - 2017-05-20 16:36 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-05-20 16:17 - 2017-05-20 16:17 - 00001049 _____ C:\Users\diablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 16:17 - 2017-05-20 16:17 - 00001049 _____ C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 15:59 - 2017-05-20 15:59 - 00000000 ____D C:\Users\bill\AppData\Local\AvgSetupLog
2017-05-20 14:43 - 2017-05-20 14:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\bill\Desktop\rkill.exe
2017-05-20 14:23 - 2017-05-20 15:36 - 00280360 _____ C:\Windows\ntbtlog.txt
2017-05-18 20:21 - 2017-05-18 20:22 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-05-18 20:21 - 2017-05-18 20:21 - 00003016 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2017-05-18 20:21 - 2017-05-18 20:21 - 00003014 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2017-05-18 19:53 - 2017-05-18 19:53 - 00000000 ____H C:\asc_rdflag
2017-05-18 16:25 - 2017-05-18 16:25 - 00001180 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-05-18 16:25 - 2017-05-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-05-18 16:25 - 2017-03-29 18:05 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-05-18 16:24 - 2017-05-18 16:24 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-16 00:23 - 2017-05-16 00:23 - 00000000 ____D C:\Users\bill\AppData\Roaming\Google
2017-05-12 21:44 - 2017-05-12 21:44 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-12 21:44 - 2017-05-12 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-12 21:44 - 2017-05-12 21:44 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-12 21:44 - 2017-05-12 21:44 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-12 21:44 - 2017-05-12 21:44 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
==================== Files in the root of some directories =======
 
2014-02-13 23:27 - 2016-07-11 15:40 - 0009728 _____ () C:\Users\bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 20:31 - 2012-12-04 20:31 - 0000003 _____ () C:\Users\bill\AppData\Local\updater.log
2012-12-04 20:31 - 2017-05-06 05:10 - 0000658 _____ () C:\Users\bill\AppData\Local\UserProducts.xml
2012-05-26 17:06 - 2012-05-26 17:06 - 0000000 _____ () C:\ProgramData\ca4d06f6f1583e6102664de7caa3e4bc_c
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-13 00:14
 
==================== End of FRST.txt ============================
 
The addition log is attached. Please help... I am trying to avoid a full reinstall if at all possible.

 


 


#2 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 24 May 2017 - 09:23 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:

Due to the serious nature of the infection, I recommend you immediately use a clean computer and change the passwords of any bank accounts, PayPal accounts, etc that you access from the infected machine.

I have a question: Are you knowingly running a proxy on your machine? A proxy is a server/computer that your internet traffic passes through on its way out to the net, and your return traffic passes through it as well. There is one set up on your machine.

Step 1: Upload File for Scanning

There is a file on your computer that I can find no information on. Please upload it to VirusTotal for scanning, then we can proceed.
  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select file that is listed in that location.

    C:\Users\bill\Downloads\l8k4dykk.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please copy the link in the address bar when it shows you the report and post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

VirusTotal Link

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 teresachristy5
  • Topic Starter
  • Members
  • 15 posts

Posted 24 May 2017 - 09:42 PM

Hello there! Thanks for your reply!

 

To answer your question, as far as I know, I do not have a proxy set up on my computer. Unless it could be my wireless card? Or my wireless printer?

 

The file that you could not identify is too large to be run through the link you provided, however, I can tell you that it is the file I downloaded from the Web DR Cureit website. It is what I used to install the cureit on my PC. I have provided a screenshot for you in case this would help.




#4 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 24 May 2017 - 10:33 PM

Hello there! Thanks for your reply!


Hello, you're very welcome. :)
 

To answer your question, as far as I know, i do not have a proxy set up on my computer. Unless it could be my wireless card? Or my wireless printer?


Thank you for your reply regarding that file. I'll remove the proxy from the machine, as most proxies are set up with the user's knowledge for specific reasons. Let's remove some malware related programs, run a fix with FRST, and get some fresh FRST logs. :thumbup2:




Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • AVG Web TuneUp
  • BabylonObjectInstaller
  • Contextual Tool Sleekseek
  • GreatArcadeHits
  • PC Utility Kit
Step 2: Fix with FRST

Attention: Before running this step, please move FRST64.exe from C:\Users\bill\Downloads to your Desktop or the fix will not work. All tools must be run from the Desktop.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.)
  • Save the file as fixlist.txt in the same location as the FRST executable. Both should be on the Desktop.

    Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-07] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {394af56d-0c65-11e2-90a7-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {4dc2df49-7c42-11e1-9142-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {880b8740-f010-11e2-ac8f-806e6f6e6963} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {8cc70b41-f85a-11e2-beb6-806e6f6e6963} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {c98f28ea-b11a-11e4-8844-c89cdca4785c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46f6e-a9d9-11e4-8012-c89cdca4785c} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46fa9-a9d9-11e4-8012-c89cdca4785c} - F:\VZW_Software_upgrade_assistant.exe
GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User: Restriction - Chrome <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> Default = {7d139a74-4e4b-d0d4-6dc7-30168d640ee9}
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> DefaultScope {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2C41CACA-65C8-4956-BABC-46118C03EE35}&mid=85ae249d753c47d0ad1e19d59a4091af-a79cbb5dcdb1e31c5dd9b01c280237268f8e7523&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2015-09-10 19:54:42&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} - No File
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz => not found
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\bill\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [No File]
CHR HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\bill\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
S2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
Task: {0A9C92C5-B7F3-4C15-B398-623476B49F8F} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27] (PC Utility Kit) <==== ATTENTION
Task: {1C3450F2-FC00-4D6D-B183-E52E8232E329} - System32\Tasks\PC Utility Kit => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-11-29] (PC Utility Kit) <==== ATTENTION
Task: {20F26BEE-8B0B-47AB-B0A6-E25A63AE64F6} - \ASC10_SkipUac_bill -> No File <==== ATTENTION
Task: {73EB2F14-2C3B-48A6-BC54-727518A002D1} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {B9AF8CF7-9EF1-4C44-88EE-65BF376AD34D} - \DTReg -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit.job => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
ProxyServer: [S-1-5-21-43797885-4047640243-3447395773-1002] => http=127.0.0.1:50444;https=127.0.0.1:50444
C:\Program Files (x86)\AVG Web TuneUp
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
RemoveProxy:
Cmd: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Emptytemp:
End



Step 3: Fresh FRST Log
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Fresh FRST.txt Log

Fresh Addition.txt Log

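The indicators the helper pulled out of the FRST logs in this post (the "$"-named folder under the SYSTEM account's Recycle Bin, the fastprox.dll CLSID default that FRST restored, the two Winsock namespace entries whose LibraryPath pointed at a missing file, and the per-user 127.0.0.1:50444 proxy he asked about in post #2) can be re-checked from a plain PowerShell prompt, which is useful both before the fix and after it to confirm the fix took. The script below is an added example written for this page; it is not from the thread, from BleepingComputer or from the FRST author, and it only reads. It assumes that the clean InprocServer32 default for CLSID {5839FCA9-774D-42A1-ACDA-D6A79037F57F} is %SystemRoot%\system32\wbem\fastprox.dll, that the unidentified download path from post #2 still exists, and that VirusTotal's per-file page can be reached by SHA-256, which sidesteps the browser upload size limit the topic starter hit in post #3. Run it from an elevated PowerShell 5.1 or later on the affected machine.

```powershell
# Added example for this page (not from the thread or from FRST): read-only triage for
# the indicators FRST reported above. Run elevated; it changes nothing on the host.
param(
    # The download the helper could not identify in post #2 (path taken from the thread).
    [string]$UnknownFile = 'C:\Users\bill\Downloads\l8k4dykk.exe'
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. ZeroAccess-style folder: "$" followed by 32 hex characters, created directly under
#    the SYSTEM account's Recycle Bin (S-1-5-18). Ordinary recycle-bin entries are short
#    $I*/$R* names, never 32 hex characters, so a match here is worth a look.
$zaRoot = Join-Path $env:SystemDrive '$Recycle.Bin\S-1-5-18'
if (Test-Path -LiteralPath $zaRoot) {
    foreach ($d in Get-ChildItem -LiteralPath $zaRoot -Directory -Force -ErrorAction SilentlyContinue) {
        if ($d.Name -match '^\$[0-9a-f]{32}$') {
            $findings.Add("ZeroAccess-pattern folder: $($d.FullName)")
        }
    }
}

# 2. WMI fastprox CLSID (FRST's "[Default-fastprox] fastprox.dll" line). Assumption: the
#    clean default is %SystemRoot%\system32\wbem\fastprox.dll. A bare file name or a path
#    anywhere else means the COM server has been redirected. Get-ItemProperty expands
#    REG_EXPAND_SZ, so both the %SystemRoot% and the C:\Windows form are accepted.
$clsid = 'HKLM:\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32'
$srv = (Get-ItemProperty -Path $clsid -ErrorAction SilentlyContinue).'(default)'
if ($srv -and $srv -notmatch '^(%SystemRoot%|[A-Z]:\\Windows)\\system32\\wbem\\fastprox\.dll$') {
    $findings.Add("fastprox InprocServer32 default is '$srv' (expected %SystemRoot%\system32\wbem\fastprox.dll)")
}

# 3. Winsock namespace catalog (FRST's "Catalog5" / "Catalog5-x64" entries). Flag any entry
#    whose LibraryPath is not on disk; that is the "=> No File" condition FRST reported for
#    entries 01 and 05. FRST also knows which DLL belongs in each slot; this check does not.
$ns = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
    foreach ($e in Get-ChildItem -Path (Join-Path $ns $sub) -ErrorAction SilentlyContinue) {
        $lib = (Get-ItemProperty -Path $e.PSPath -ErrorAction SilentlyContinue).LibraryPath
        if ($lib) {
            $lib = [Environment]::ExpandEnvironmentVariables($lib)
            if (-not (Test-Path -LiteralPath $lib)) {
                $findings.Add("Winsock $sub\$($e.PSChildName): LibraryPath '$lib' not found on disk")
            }
        }
    }
}

# 4. Per-user proxy (FRST: ProxyServer => http=127.0.0.1:50444 for one profile). Only the
#    hives of profiles that are currently loaded appear under HKEY_USERS, so log each
#    account in (or load its NTUSER.DAT) to cover the others.
foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -notmatch '^S-1-5-21-\d+(-\d+)+$') { continue }
    $ie = "$($hive.PSPath)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty -Path $ie -ErrorAction SilentlyContinue
    if ($p -and ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL)) {
        $findings.Add("$($hive.PSChildName): ProxyEnable=$($p.ProxyEnable) ProxyServer='$($p.ProxyServer)' AutoConfigURL='$($p.AutoConfigURL)'")
    }
}

# 5. The unidentified download. VirusTotal's browser upload has a size cap (what post #3
#    ran into); a lookup by SHA-256 does not, provided someone has submitted the file
#    before. Record the Authenticode status alongside the hash.
if (Test-Path -LiteralPath $UnknownFile) {
    $sha = (Get-FileHash -LiteralPath $UnknownFile -Algorithm SHA256).Hash.ToLower()
    $sig = Get-AuthenticodeSignature -FilePath $UnknownFile
    $findings.Add("Unknown file $UnknownFile SHA-256 $sha, Authenticode $($sig.Status) $($sig.SignerCertificate.Subject)")
    $findings.Add("  VirusTotal lookup: https://www.virustotal.com/gui/file/$sha")
}

if ($findings.Count -eq 0) { 'None of the indicators from the FRST logs were found.' }
else { $findings }
```

After a successful FRST fix, checks 1 to 4 should report nothing; anything that reappears after a reboot points at a persistence mechanism the fixlist did not cover. Check 5 is informational: an installer from a commercial vendor is expected to carry a valid Authenticode signature, so "NotSigned" or an unexpected signer on a file at that path is a reason to treat the hash lookup result with more weight, not less.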





#5 teresachristy5
  • Topic Starter
  • Members
  • 15 posts

Posted 26 May 2017 - 03:35 PM

Hello again! I have everything prepared to run the fix you provided, however, when I went to uninstall the programs you listed, this program does not show.

 

  • GreatArcadeHits

 

The others have been removed. I wasn't sure if I should go ahead and run the fix without that being taken out. Please let me know! And thank you again for your help!



#6 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 26 May 2017 - 05:44 PM

Hello :)
 

I wasn't sure if I should go ahead and run the fix without that being taken out.


Yes, please proceed with the next steps. :thumbup2:






#7 teresachristy5
  • Topic Starter
  • Members
  • 15 posts

Posted 27 May 2017 - 06:19 AM

I was wondering... How long is the fix meant to take?

 

I left it on overnight. It's been going for a little over 12 hours now and has not completed yet. It still says fixing in progress, please wait.

 

Is this normal?



#8 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 27 May 2017 - 11:20 AM

I was wondering... How long is the fix meant to take?
 
I left it on overnight. It's been going for a little over 12 hours now and has not completed yet.. it still says fixing in progress, please wait.
 
Is this normal?


Hello 😊

If the fix log is present on the Desktop, go ahead and stop FRST from running. Double-click the fix log and it should open up and it should have the results of the fix. It sounds like it froze up. If the fix log has the results inside of it, go ahead and post it for me before running FRST to get fresh logs. If the fix log is empty, rerun the fix. It should not take too terribly long to run.






#9 teresachristy5
  • Topic Starter
  • Members
  • 15 posts

Posted 27 May 2017 - 11:26 AM

Oh thank goodness. I was getting concerned! Here is the requested log!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by bill (26-05-2017 18:55:32) Run:1
Running from C:\Users\bill\Desktop
Loaded Profiles: bill (Available Profiles: Teresa & bill & diablo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-07] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {394af56d-0c65-11e2-90a7-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {4dc2df49-7c42-11e1-9142-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {880b8740-f010-11e2-ac8f-806e6f6e6963} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {8cc70b41-f85a-11e2-beb6-806e6f6e6963} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {c98f28ea-b11a-11e4-8844-c89cdca4785c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46f6e-a9d9-11e4-8012-c89cdca4785c} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46fa9-a9d9-11e4-8012-c89cdca4785c} - F:\VZW_Software_upgrade_assistant.exe
GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User: Restriction - Chrome <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> Default = {7d139a74-4e4b-d0d4-6dc7-30168d640ee9}
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> DefaultScope {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2C41CACA-65C8-4956-BABC-46118C03EE35}&mid=85ae249d753c47d0ad1e19d59a4091af-a79cbb5dcdb1e31c5dd9b01c280237268f8e7523&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2015-09-10 19:54:42&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} - No File
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz => not found
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\bill\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [No File]
CHR HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\bill\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
S2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
Task: {0A9C92C5-B7F3-4C15-B398-623476B49F8F} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27] (PC Utility Kit) <==== ATTENTION
Task: {1C3450F2-FC00-4D6D-B183-E52E8232E329} - System32\Tasks\PC Utility Kit => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-11-29] (PC Utility Kit) <==== ATTENTION
Task: {20F26BEE-8B0B-47AB-B0A6-E25A63AE64F6} - \ASC10_SkipUac_bill -> No File <==== ATTENTION
Task: {73EB2F14-2C3B-48A6-BC54-727518A002D1} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {B9AF8CF7-9EF1-4C44-88EE-65BF376AD34D} - \DTReg -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit.job => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
ProxyServer: [S-1-5-21-43797885-4047640243-3447395773-1002] => http=127.0.0.1:50444;https=127.0.0.1:50444
C:\Program Files (x86)\AVG Web TuneUp
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
RemoveProxy:
Cmd: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKCR\CLSID\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key removed successfully
HKCR\CLSID\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394af56d-0c65-11e2-90a7-7a8020000200} => key removed successfully
HKCR\CLSID\{394af56d-0c65-11e2-90a7-7a8020000200} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc2df49-7c42-11e1-9142-806e6f6e6963} => key removed successfully
HKCR\CLSID\{4dc2df49-7c42-11e1-9142-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{880b8740-f010-11e2-ac8f-806e6f6e6963} => key removed successfully
HKCR\CLSID\{880b8740-f010-11e2-ac8f-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc70b41-f85a-11e2-beb6-806e6f6e6963} => key removed successfully
HKCR\CLSID\{8cc70b41-f85a-11e2-beb6-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98f28ea-b11a-11e4-8844-c89cdca4785c} => key removed successfully
HKCR\CLSID\{c98f28ea-b11a-11e4-8844-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c46f6e-a9d9-11e4-8012-c89cdca4785c} => key removed successfully
HKCR\CLSID\{f1c46f6e-a9d9-11e4-8012-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c46fa9-a9d9-11e4-8012-c89cdca4785c} => key removed successfully
HKCR\CLSID\{f1c46fa9-a9d9-11e4-8012-c89cdca4785c} => key not found. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully


#10 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 27 May 2017 - 11:54 AM

Hello :)

Looks like part of the fix did complete, but not all. Please delete the current fixlog on your Desktop and run the fix again. It shouldn't take too long. :thumbup2:






#11 teresachristy5
  • Topic Starter
  • Members
  • 15 posts

Posted 27 May 2017 - 05:22 PM

It seems it may have frozen again... :( It has been a few hours and it still has not completed. I peeked at the fixlog just out of curiosity, and it ends at the same place the one posted previously does.



#12 pystryker (Malware Response Team)

Posted 27 May 2017 - 06:18 PM

It seems it may have frozen again... :( It has been a few hours and it still has not completed. I peeked at the fixlog just out of curiosity, and it ends at the same place the one previously posted does.


Hello :)

Ok, go ahead and stop it for the moment. Let's get some fresh FRST Logs and see where we're at. Please post the current fixlog with the other requested logs below. :thumbup2:

Please follow the instructions in Step 3 in Post #4.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Current Fixlog.txt Log

Fresh FRST.txt Log

Fresh Addition.txt Log



#13 teresachristy5 (Topic Starter)

Posted 27 May 2017 - 06:38 PM

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by bill (27-05-2017 15:16:00) Run:4
Running from C:\Users\bill\Desktop
Loaded Profiles: bill (Available Profiles: Teresa & bill & diablo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-07] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {156d3e70-6192-11e2-88b5-c89cdca4785c} - J:\SetUp.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {394af56d-0c65-11e2-90a7-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {4dc2df49-7c42-11e1-9142-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {880b8740-f010-11e2-ac8f-806e6f6e6963} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {8cc70b41-f85a-11e2-beb6-806e6f6e6963} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {c98f28ea-b11a-11e4-8844-c89cdca4785c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46f6e-a9d9-11e4-8012-c89cdca4785c} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\MountPoints2: {f1c46fa9-a9d9-11e4-8012-c89cdca4785c} - F:\VZW_Software_upgrade_assistant.exe
GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User: Restriction - Chrome <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll => No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> Default = {7d139a74-4e4b-d0d4-6dc7-30168d640ee9}
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File
URLSearchHook: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKLM-x32 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> DefaultScope {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2C41CACA-65C8-4956-BABC-46118C03EE35}&mid=85ae249d753c47d0ad1e19d59a4091af-a79cbb5dcdb1e31c5dd9b01c280237268f8e7523&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2015-09-10 19:54:42&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} - No File
Toolbar: HKU\S-1-5-21-43797885-4047640243-3447395773-1000 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz => not found
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\bill\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [No File]
CHR HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\bill\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-07] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-07] ()
S2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
Task: {0A9C92C5-B7F3-4C15-B398-623476B49F8F} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27] (PC Utility Kit) <==== ATTENTION
Task: {1C3450F2-FC00-4D6D-B183-E52E8232E329} - System32\Tasks\PC Utility Kit => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-11-29] (PC Utility Kit) <==== ATTENTION
Task: {20F26BEE-8B0B-47AB-B0A6-E25A63AE64F6} - \ASC10_SkipUac_bill -> No File <==== ATTENTION
Task: {73EB2F14-2C3B-48A6-BC54-727518A002D1} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {B9AF8CF7-9EF1-4C44-88EE-65BF376AD34D} - \DTReg -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit.job => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
ProxyServer: [S-1-5-21-43797885-4047640243-3447395773-1002] => http=127.0.0.1:50444;https=127.0.0.1:50444
C:\Program Files (x86)\AVG Web TuneUp
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
RemoveProxy:
Cmd: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKU\S-1-5-21-43797885-4047640243-3447395773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKCR\CLSID\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKCR\CLSID\{156d3e70-6192-11e2-88b5-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394af56d-0c65-11e2-90a7-7a8020000200} => key not found. 
HKCR\CLSID\{394af56d-0c65-11e2-90a7-7a8020000200} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc2df49-7c42-11e1-9142-806e6f6e6963} => key removed successfully
HKCR\CLSID\{4dc2df49-7c42-11e1-9142-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{880b8740-f010-11e2-ac8f-806e6f6e6963} => key not found. 
HKCR\CLSID\{880b8740-f010-11e2-ac8f-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc70b41-f85a-11e2-beb6-806e6f6e6963} => key not found. 
HKCR\CLSID\{8cc70b41-f85a-11e2-beb6-806e6f6e6963} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98f28ea-b11a-11e4-8844-c89cdca4785c} => key not found. 
HKCR\CLSID\{c98f28ea-b11a-11e4-8844-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c46f6e-a9d9-11e4-8012-c89cdca4785c} => key not found. 
HKCR\CLSID\{f1c46f6e-a9d9-11e4-8012-c89cdca4785c} => key not found. 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c46fa9-a9d9-11e4-8012-c89cdca4785c} => key not found. 
HKCR\CLSID\{f1c46fa9-a9d9-11e4-8012-c89cdca4785c} => key not found. 
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-43797885-4047640243-3447395773-1000\User" => not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
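
The fixlist above targets four distinct indicator classes: Winsock namespace-provider entries whose LibraryPath no longer points at the Windows DLL, the ZeroAccess recycle-bin directory under the SYSTEM SID, a per-user proxy set to a loopback listener, and MountPoints2 autorun commands cached from removable media, plus the local-policy files and keys that enforced the IE and Chrome restrictions. The following PowerShell script is an added, read-only triage example for this thread; it is not part of FRST, Rkill or any post here. It assumes an elevated PowerShell prompt on Windows 7 or later, and it only reports; it changes nothing. The expected Winsock paths and registry locations are taken from the fixlog; the file name "frst-triage.ps1" is a suggestion, not something the thread uses.

```powershell
# Read-only triage for the indicator classes the FRST fixlist above acted on.
# Added example for this thread; not part of FRST or of the thread.
# Assumption: run from an elevated PowerShell (2.0+) prompt on Windows 7 or later.
# Nothing is modified; every hit is collected in $findings and printed at the end.

$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Winsock namespace providers (FRST "Winsock: Catalog5" lines).
#    The fixlog shows entries 01 and 05 with LibraryPath changed to a bare
#    "mswsock.dll" that did not resolve to a file; FRST restored the values
#    below. Catalog_Entries64 is what FRST labels "Catalog5-x64".
$expected = @{
    '000000000001' = '%SystemRoot%\system32\NLAapi.dll'
    '000000000005' = '%SystemRoot%\System32\mswsock.dll'
}
$catalog = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
    Get-ChildItem "$catalog\$sub" | ForEach-Object {
        $id   = $_.PSChildName
        $path = (Get-ItemProperty $_.PSPath).LibraryPath
        $file = [Environment]::ExpandEnvironmentVariables("$path")
        # A LibraryPath without a directory component, or pointing at a missing
        # file, is exactly the "=> No File" condition FRST reported.
        if ($path -notmatch '\\' -or -not (Test-Path -LiteralPath $file)) {
            $findings.Add("Winsock $sub $id LibraryPath does not resolve to a file: '$path'")
        } elseif ($expected.ContainsKey($id) -and $path -ne $expected[$id]) {
            $findings.Add("Winsock $sub $id LibraryPath is '$path', expected '$($expected[$id])'")
        }
    }
}

# 2. ZeroAccess keeps its components in a fake recycle-bin folder for the
#    SYSTEM account (SID S-1-5-18) named "$" plus 32 hex digits, which is the
#    path Rkill and FRST reported on this machine. Check every drive.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $sysBin = Join-Path $drive.Root '$Recycle.Bin\S-1-5-18'
    Get-ChildItem -LiteralPath $sysBin -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-fA-F]{32}$' } |
        ForEach-Object { $findings.Add("ZeroAccess-style directory: $($_.FullName)") }
}

# 3. Per-user settings under HKEY_USERS. Only hives of logged-on users are
#    loaded here; FRST loads the other profiles itself, which is why the fixlog
#    could see the ProxyServer of profile -1002 while this script may not.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } | ForEach-Object {
    $sid = $_.PSChildName

    # 3a. Browser proxy pointing at a local listener (fixlist: 127.0.0.1:50444).
    $inet = Get-ItemProperty "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost|\[::1\]') {
        $findings.Add("[$sid] ProxyServer='$($inet.ProxyServer)' ProxyEnable=$($inet.ProxyEnable)")
    }

    # 3b. MountPoints2 caches the AutoRun command of every removable drive ever
    #     inserted; the fixlist removed nine such entries (SetUp.exe,
    #     TL-Bootstrap.exe, ...). Any command stored here is worth reading.
    Get-ChildItem "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" | ForEach-Object {
        $cmd = (Get-ItemProperty -LiteralPath "$($_.PSPath)\Shell\AutoRun\command").'(default)'
        if ($cmd) { $findings.Add("[$sid] MountPoints2 $($_.PSChildName) autorun: $cmd") }
    }
}

# 4. Local policy artifacts the fixlist removed (GPT.ini files, the per-user
#    GroupPolicyUsers folder, the HKLM IE policy key). FRST flagged a Chrome
#    restriction in the per-user policy and an IE restriction in the HKLM key;
#    on a stand-alone PC where nobody has used gpedit.msc these are usually absent.
foreach ($p in "$env:SystemRoot\System32\GroupPolicy\GPT.ini",
               "$env:SystemRoot\SysWOW64\GroupPolicy\GPT.ini",
               "$env:SystemRoot\System32\GroupPolicyUsers",
               'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    if (Test-Path -LiteralPath $p) { $findings.Add("Policy artifact present: $p") }
}

if ($findings.Count -eq 0) { 'No indicators of these classes found.' } else { $findings }
```

Save it as frst-triage.ps1 and run it from an elevated prompt (reading the Winsock catalog and the S-1-5-18 recycle-bin folder needs administrator rights). A hit is a lead, not a verdict: a legitimate third-party LSP or a policy set by an administrator will also show up, so compare each finding against the FRST log before acting on it, as the helper in this thread did.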


#14 teresachristy5 (Topic Starter)

Posted 27 May 2017 - 06:40 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by bill (administrator) on CHRISTY-PC (27-05-2017 19:23:19)
Running from C:\Users\bill\Desktop
Loaded Profiles: bill (Available Profiles: Teresa & bill & diablo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Policies\Explorer: [HideSCAHealth] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{274CD07B-E536-4377-85DD-CA653E3D3CF9}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D6AAC21F-A3C6-4CFF-81C3-42552D287C5D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131397850551111443&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = 
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2C41CACA-65C8-4956-BABC-46118C03EE35}&mid=85ae249d753c47d0ad1e19d59a4091af-a79cbb5dcdb1e31c5dd9b01c280237268f8e7523&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2015-09-10 19:54:42&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-43797885-4047640243-3447395773-1001 -> {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: FBDownloader BHO -> {553318DA-D010-469E-84B1-496563CAE1BF} -> C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll [2012-05-25] (HTTO Group, Ltd)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-12-22] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [fbdownloader@KMcore] - C:\Program Files (x86)\SDIV 2.0\Lib\xpi
FF Extension: (fbdownloader) - C:\Program Files (x86)\SDIV 2.0\Lib\xpi [2012-05-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-43797885-4047640243-3447395773-1001: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\bill\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Drive) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Spelunky) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogggnbbinagpdjpnmfihhgdlogfdmdko [2016-09-29]
CHR Extension: (Gmail) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\bill\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [pollkeobaahnbmpcgombjfibedabcddd] - C:\Program Files (x86)\SDIV 2.0\Lib\FBDownloader.crx [2012-05-24]
StartMenuInternet: Google Chrome.Teresa - C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360400 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [204704 2015-07-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [249296 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-11-07] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-25] (REALiX™)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2016-12-22] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-03-29] (IObit.com)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [70672 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUWFLT; C:\Windows\System32\DRIVERS\PTDUWFLT.sys [12688 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [141840 2009-08-12] (DEVGURU Co., LTD.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-11-03] (IObit.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-27 19:23 - 2017-05-27 19:24 - 00015905 _____ C:\Users\bill\Desktop\FRST.txt
2017-05-26 18:55 - 2017-05-27 15:16 - 00011137 _____ C:\Users\bill\Desktop\Fixlog.txt
2017-05-26 18:55 - 2017-05-26 18:55 - 00000000 ____D C:\Users\bill\Desktop\FRST-OlderVersion
2017-05-26 16:19 - 2017-05-26 16:20 - 00007332 _____ C:\Users\bill\Desktop\fixlist.txt
2017-05-20 18:55 - 2017-05-20 18:56 - 00039767 _____ C:\Users\bill\Downloads\Addition.txt
2017-05-20 18:54 - 2017-05-27 15:16 - 00000000 ____D C:\FRST
2017-05-20 18:54 - 2017-05-20 18:56 - 00062383 _____ C:\Users\bill\Downloads\FRST.txt
2017-05-20 18:53 - 2017-05-26 18:55 - 02429952 _____ (Farbar) C:\Users\bill\Desktop\FRST64.exe
2017-05-20 18:30 - 2017-05-20 19:00 - 00003192 _____ C:\Users\bill\Desktop\Rkill.txt
2017-05-20 18:01 - 2017-05-20 18:15 - 152426840 _____ C:\Users\bill\Downloads\l8k4dykk.exe
2017-05-20 17:59 - 2017-05-20 17:59 - 00000000 ____D C:\Users\bill\Doctor Web
2017-05-20 17:32 - 2017-05-20 17:59 - 149014104 _____ C:\Users\bill\Downloads\cureit.exe
2017-05-20 17:28 - 2017-05-20 17:29 - 16778594 _____ C:\Users\bill\Downloads\drweb-11.1.1-ss-android.apk
2017-05-20 17:16 - 2017-05-20 17:16 - 00448512 _____ (OldTimer Tools) C:\Users\bill\Downloads\TFC.exe
2017-05-20 16:58 - 2017-05-20 16:58 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_diablo
2017-05-20 16:58 - 2017-05-20 16:58 - 00000000 ____D C:\Users\diablo\AppData\LocalLow\IObit
2017-05-20 16:36 - 2017-05-20 16:36 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-05-20 16:17 - 2017-05-20 16:17 - 00001049 _____ C:\Users\diablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 16:17 - 2017-05-20 16:17 - 00001049 _____ C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-20 15:59 - 2017-05-20 15:59 - 00000000 ____D C:\Users\bill\AppData\Local\AvgSetupLog
2017-05-20 14:43 - 2017-05-20 14:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\bill\Desktop\rkill.exe
2017-05-20 14:23 - 2017-05-20 15:36 - 00280360 _____ C:\Windows\ntbtlog.txt
2017-05-18 20:21 - 2017-05-18 20:22 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-05-18 20:21 - 2017-05-18 20:21 - 00003016 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2017-05-18 20:21 - 2017-05-18 20:21 - 00003014 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2017-05-18 19:53 - 2017-05-18 19:53 - 00000000 ____H C:\asc_rdflag
2017-05-18 16:25 - 2017-05-18 16:25 - 00001180 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-05-18 16:25 - 2017-05-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-05-18 16:25 - 2017-03-29 18:05 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-05-18 16:24 - 2017-05-18 16:24 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-16 00:23 - 2017-05-16 00:23 - 00000000 ____D C:\Users\bill\AppData\Roaming\Google
2017-05-12 21:44 - 2017-05-12 21:44 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-12 21:44 - 2017-05-12 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-12 21:44 - 2017-05-12 21:44 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-12 21:44 - 2017-05-12 21:44 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-12 21:44 - 2017-05-12 21:44 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-12 21:44 - 2017-05-12 21:44 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-12 21:44 - 2017-05-12 21:44 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-12 21:44 - 2017-05-12 21:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-12 21:44 - 2017-05-12 21:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-12 21:44 - 2017-05-12 21:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-12 21:44 - 2017-05-12 21:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-12 21:44 - 2017-05-12 21:44 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-12 21:44 - 2017-05-12 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-12 21:44 - 2017-05-12 21:44 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-12 21:44 - 2017-05-12 21:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-06 05:10 - 2017-05-06 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-27 19:19 - 2012-04-04 13:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-27 18:41 - 2012-07-27 16:36 - 00000924 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001UA.job
2017-05-27 18:27 - 2012-04-17 20:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000UA.job
2017-05-27 18:00 - 2013-01-07 13:33 - 00000478 _____ C:\Windows\Tasks\PC Utility Kit Registration3.job
2017-05-27 17:19 - 2012-12-04 20:31 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2017-05-27 17:08 - 2012-12-04 20:31 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-43797885-4047640243-3447395773-1001.job
2017-05-27 16:41 - 2012-07-27 16:36 - 00000872 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001Core.job
2017-05-27 14:27 - 2012-04-17 20:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000Core.job
2017-05-26 19:49 - 2013-08-14 13:03 - 00000008 __RSH C:\Users\bill\ntuser.pol
2017-05-26 19:49 - 2012-04-01 20:49 - 00000000 ____D C:\Users\bill
2017-05-26 19:40 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-26 18:55 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-26 18:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-26 17:16 - 2012-05-09 23:55 - 00000000 ____D C:\Users\bill\AppData\Local\ElevatedDiagnostics
2017-05-26 16:36 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-26 16:36 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-26 16:32 - 2016-01-12 23:42 - 00002906 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_bill
2017-05-26 16:31 - 2017-01-23 11:54 - 00002876 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (bill)
2017-05-26 16:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-26 16:23 - 2013-12-24 18:43 - 00000000 ____D C:\Users\diablo
2017-05-26 16:23 - 2012-04-01 16:34 - 00000000 ____D C:\Users\Teresa
2017-05-25 18:19 - 2013-01-07 13:33 - 00000444 _____ C:\Windows\Tasks\PC Utility Kit Update3.job
2017-05-22 18:32 - 2015-09-10 19:55 - 00000351 _____ C:\prefs.js
2017-05-22 18:31 - 2014-07-31 15:06 - 00000000 ____D C:\ProgramData\ProductData
2017-05-21 01:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-20 18:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2017-05-20 18:11 - 2016-09-18 14:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-20 17:23 - 2013-01-07 13:43 - 00000000 ____D C:\ProgramData\IObit
2017-05-20 17:02 - 2013-01-24 22:48 - 00000000 ____D C:\Users\Teresa\AppData\Roaming\IObit
2017-05-20 17:00 - 2013-08-23 18:11 - 00597236 __RSH C:\Users\Teresa\ntuser.pol
2017-05-20 16:58 - 2017-02-24 10:51 - 00000000 ____D C:\Users\diablo\AppData\Roaming\ProductData
2017-05-20 16:58 - 2014-02-07 22:57 - 00000000 ____D C:\Users\diablo\AppData\Roaming\IObit
2017-05-20 16:56 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-05-20 16:36 - 2016-01-12 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-05-20 16:24 - 2014-05-04 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-05-20 16:24 - 2012-11-24 21:54 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-05-20 16:21 - 2012-06-17 21:06 - 00000000 ____D C:\Program Files (x86)\The Weather Channel
2017-05-20 16:20 - 2012-05-22 23:41 - 00000000 ____D C:\Users\bill\AppData\Local\The Weather Channel
2017-05-20 16:01 - 2012-12-16 21:56 - 00000000 __HDC C:\ProgramData\~0
2017-05-20 16:00 - 2012-12-10 20:19 - 00000000 ____D C:\Program Files (x86)\AVG
2017-05-20 15:52 - 2012-12-10 19:57 - 00000000 ____D C:\ProgramData\MFAData
2017-05-20 15:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2017-05-20 13:36 - 2016-09-20 05:31 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-18 20:21 - 2016-12-05 19:12 - 00001163 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2017-05-18 20:21 - 2016-12-05 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-05-18 20:07 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-18 19:53 - 2014-09-04 19:56 - 79970304 _____ C:\Windows\system32\config\software.iodefrag.bak
2017-05-18 19:53 - 2014-09-04 19:56 - 00286720 _____ C:\Windows\system32\config\default.iodefrag.bak
2017-05-18 19:53 - 2014-09-04 19:56 - 00135168 _____ C:\Windows\system32\config\sam.iodefrag.bak
2017-05-18 19:53 - 2014-09-04 19:56 - 00032768 _____ C:\Windows\system32\config\security.iodefrag.bak
2017-05-18 16:25 - 2013-01-07 13:43 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-15 18:29 - 2014-02-08 00:14 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 18:29 - 2014-02-08 00:14 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-14 22:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-14 18:05 - 2009-07-14 00:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-14 18:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 22:49 - 2017-03-18 13:09 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 22:49 - 2017-02-28 21:14 - 00004452 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-10 22:49 - 2012-04-04 13:15 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 22:49 - 2012-04-04 13:15 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 22:49 - 2012-04-04 13:15 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-06 05:10 - 2012-12-04 20:31 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-43797885-4047640243-3447395773-1001
2017-05-06 05:10 - 2012-12-04 20:31 - 00000658 _____ C:\Users\bill\AppData\Local\UserProducts.xml
2017-04-27 17:53 - 2012-04-04 13:16 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 17:53 - 2012-04-04 13:16 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-02-13 23:27 - 2016-07-11 15:40 - 0009728 _____ () C:\Users\bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 20:31 - 2012-12-04 20:31 - 0000003 _____ () C:\Users\bill\AppData\Local\updater.log
2012-12-04 20:31 - 2017-05-06 05:10 - 0000658 _____ () C:\Users\bill\AppData\Local\UserProducts.xml
2012-05-26 17:06 - 2012-05-26 17:06 - 0000000 _____ () C:\ProgramData\ca4d06f6f1583e6102664de7caa3e4bc_c
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 10:14
 
==================== End of FRST.txt ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by bill (27-05-2017 19:24:25)
Running from C:\Users\bill\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-04-01 20:34:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-43797885-4047640243-3447395773-500 - Administrator - Disabled)
bill (S-1-5-21-43797885-4047640243-3447395773-1001 - Administrator - Enabled) => C:\Users\bill
diablo (S-1-5-21-43797885-4047640243-3447395773-1002 - Administrator - Enabled) => C:\Users\diablo
Guest (S-1-5-21-43797885-4047640243-3447395773-501 - Limited - Enabled)
Teresa (S-1-5-21-43797885-4047640243-3447395773-1000 - Limited - Enabled) => C:\Users\Teresa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.3.0 - IObit)
AVG 2013 (Version: 13.0.3544 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden
AVG Zen (Version: 1.116.2 - AVG Technologies) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bucksbee Loyalty Plugin - Guppy Media (HKLM-x32\...\Bucksbee Loyalty Plugin - Guppy Media) (Version:  - )
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG3000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3000_series) (Version: 1.01 - Canon Inc.)
Canon MG3000 series User Registration (HKLM-x32\...\Canon MG3000 series User Registration) (Version:  - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
FBDownloader IE Add-on (x32 Version: 1.0.3 - HTTO Group, Ltd) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PANTECH UM175 Driver (HKLM\...\{C13AF9C7-8E06-4354-B629-DF6192CE4A66}) (Version: 3.3.3524.918 - PANTECH CO.,LTD)
RCA easyRip 2.6.0.0 (HKLM-x32\...\RCA easyRip_is1) (Version:  - RCA)
RCA Updater 2.1.7.1 (HKLM-x32\...\RCA Updater_is1) (Version:  - RCA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6343 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Unity Web Player (HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-43797885-4047640243-3447395773-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0012C555-49CD-40E3-9AB2-C810BD1BBED5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {0127C7DD-F199-4302-9CEE-788A46958CDE} - System32\Tasks\1015tbUpdateInfo => C:\ProgramData\Avg_Update_1015tb\1015tb_{9FB0CA23-2589-4B35-97EB-75C63D5ABAEA}.exe 
Task: {024DCAF0-FB51-4C9E-A9E9-850A690F8956} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {07EAF0A5-C9FB-40AC-988B-3535BDD490C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {08B66CC8-CD58-48A4-8BB5-F9BEB7AD8AE9} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001Core => C:\Users\bill\AppData\Local\RockMelt\Update\RockMeltUpdate.exe 
Task: {0A9C92C5-B7F3-4C15-B398-623476B49F8F} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe  <==== ATTENTION
Task: {0E516633-5C76-4C9E-A0EC-5DC5013E4DE2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {1E4539FE-4EAA-4846-B014-A2221D2C812C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {20F26BEE-8B0B-47AB-B0A6-E25A63AE64F6} - \ASC10_SkipUac_bill -> No File <==== ATTENTION
Task: {31CA30AF-A841-4B9A-A321-BE251E4817D9} - System32\Tasks\0316tbUpdateInfo => C:\ProgramData\Avg_Update_0316tb\0316tb_{3FEA5212-BB66-4A71-81F6-598B1676F577}.exe 
Task: {4692EE4D-4999-4741-94EB-7EB2127309DD} - System32\Tasks\update-S-1-5-21-43797885-4047640243-3447395773-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {568119CB-0425-4001-A727-75F7C111D1C3} - System32\Tasks\PC Utility Kit Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll" RunUns
Task: {5B546A18-B88F-4B6A-A741-5EFDD7C50E66} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {5C44A1B8-6730-4F2F-AD10-E1FE8B35AADC} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{58240CDA-FA6C-4C84-8CFF-68E1E0CD430C}.exe 
Task: {5D9C7239-F1FC-4303-B538-706CB2E3E2A6} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {6240FFA4-AE38-49EE-845A-32518462A7F0} - System32\Tasks\Driver Booster SkipUAC (bill) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {65C54B0A-C49C-487B-9497-D5192F283EC0} - System32\Tasks\{B74B29C1-C857-4104-816C-02D248040AC2} => pcalua.exe -a "C:\Program Files\InterActual\InterActual Player\inuninst.exe"
Task: {73EB2F14-2C3B-48A6-BC54-727518A002D1} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {85E59929-84EF-472A-9ADF-D628EEFF559A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {8A4FCB0B-5326-4B2F-8589-CF75B3066F46} - System32\Tasks\Uninstaller_SkipUac_diablo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {8BC5C048-7E0C-4DE0-ADB2-44A6D4760FC1} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001UA => C:\Users\bill\AppData\Local\RockMelt\Update\RockMeltUpdate.exe 
Task: {9032052D-8F7A-4046-8D3E-78693DF594F0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {9A0DD0CE-307C-4997-B11C-04F9AA4569E5} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {9A6E2F8A-9456-49B2-B1E6-C295EAED8A0D} - System32\Tasks\{1A479979-8E7C-4E29-A8D3-E4A0DDD5E061} => pcalua.exe -a "C:\Users\bill\Downloads\dxwebsetup (1).exe" -d C:\Users\bill\Downloads
Task: {AE58190F-CF49-4A44-84C5-385F24A28A5C} - System32\Tasks\Uninstaller_SkipUac_bill => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {B9AF8CF7-9EF1-4C44-88EE-65BF376AD34D} - \DTReg -> No File <==== ATTENTION
Task: {BC3C0994-727E-4FCA-80F9-4AD5A7BC2B1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000Core => C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.)
Task: {C4F6D7AC-181C-47CA-B4CD-CE99689D4599} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {C93D21A3-BD71-4C00-A01E-795202254036} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {DB3E8635-BCF0-409F-992F-095B089D7634} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit)
Task: {EE362EE3-EDA7-40E4-ADEC-8C707902589E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000UA => C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.)
Task: {F4546EF6-69DD-4460-9976-E32BC819C8C1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {F64E14F2-6CDD-4730-AD87-035118085587} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0316tbUpdateInfo.job => C:\ProgramData\Avg_Update_0316tb\0316tb_{3FEA5212-BB66-4A71-81F6-598B1676F577}.exe
Task: C:\Windows\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{58240CDA-FA6C-4C84-8CFF-68E1E0CD430C}.exe
Task: C:\Windows\Tasks\1015tbUpdateInfo.job => C:\ProgramData\Avg_Update_1015tb\1015tb_{9FB0CA23-2589-4B35-97EB-75C63D5ABAEA}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000Core.job => C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1000UA.job => C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => rundll32.exe   C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001Core.job => C:\Users\bill\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-43797885-4047640243-3447395773-1001UA.job => C:\Users\bill\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-43797885-4047640243-3447395773-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ogggnbbinagpdjpnmfihhgdlogfdmdko
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-15 18:29 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 18:29 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4789 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-43797885-4047640243-3447395773-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Easy Dock => C:\Users\bill\Documents\RCA easyRip\EZDock.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Otshot => c:\program files\otshot\otshot.exe -minimize
MSCONFIG\startupreg: RockMelt Update => "C:\Users\bill\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
MSCONFIG\startupreg: Spotify => "C:\Users\bill\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{62C3D466-7BBB-428A-B823-8B5D961B81D1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3DAE6F8E-2B2D-401D-A676-9F183F771DE5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{60B05A5C-C781-42CB-90AF-33AB4B61AD03}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{87EC2E14-4A61-456B-938B-62E65D336666}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{31F3E0F7-2961-4708-AA7B-02240263FEEF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3120CD14-43E0-45F7-8FD7-C4D00A24C459}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{06E17815-D02D-4526-AF21-C51375AF80C8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{0E2183D0-AC25-4B2B-9E51-01A985726629}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{66CED165-DEEC-4566-9899-30E6BB9898A3}] => (Allow) C:\Users\diablo\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{CD68F8B6-F0C4-4DFC-8E7F-BB51250CE5FC}] => (Allow) C:\Users\diablo\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{28AECDB9-5B83-4046-9337-D19C12C994D7}] => (Allow) C:\Users\diablo\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{8AAD7FBC-46D9-4771-86E3-54EC1D1CBE00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1195D5E3-F5E8-4BB0-A8E4-8FD2B27D4538}] => (Block) LPort=445
FirewallRules: [{874FE36D-5ABB-4300-92EF-697213B33B35}] => (Block) LPort=445
FirewallRules: [{435C1483-570F-4616-9E2F-6521412B3085}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{366F0214-7ADD-4E47-8255-62FC4B18A59D}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{0B72A8FC-F1B4-49D7-B005-DAC63359C54B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{2D4E455B-D9A7-4BE2-8EF9-ACEE51333246}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
 
==================== Restore Points =========================
 
25-05-2017 15:26:28 Scheduled Checkpoint
26-05-2017 06:35:04 Windows Update
26-05-2017 16:21:41 Removed BabylonObjectInstaller
26-05-2017 18:55:36 Restore Point Created by FRST
27-05-2017 13:26:05 Restore Point Created by FRST
27-05-2017 13:49:08 Restore Point Created by FRST
27-05-2017 15:16:00 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/27/2017 06:24:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e2c
 
Start Time: 01d2d71daba67a7d
 
Termination Time: 0
 
Application Path: C:\Users\bill\Desktop\FRST64.exe
 
Report Id:
 
Error: (05/27/2017 03:10:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c94
 
Start Time: 01d2d711890052f0
 
Termination Time: 0
 
Application Path: C:\Users\bill\Desktop\FRST64.exe
 
Report Id:
 
Error: (05/27/2017 01:48:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a7c
 
Start Time: 01d2d70e4e9775cb
 
Termination Time: 16
 
Application Path: C:\Users\bill\Desktop\FRST64.exe
 
Report Id:
 
Error: (05/27/2017 12:23:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1720
 
Start Time: 01d2d6732b4526d6
 
Termination Time: 0
 
Application Path: C:\Users\bill\Desktop\FRST64.exe
 
Report Id:
 
Error: (05/26/2017 06:55:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c0e2a1cd-e93c-4de7-b200-cc9ef5c2c584}
 
Error: (05/26/2017 04:29:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/22/2017 06:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/20/2017 06:29:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/20/2017 05:22:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/20/2017 04:41:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a1c
 
Start Time: 01d2d1a952b3404f
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: b804fd08-3d9c-11e7-911c-c89cdca4785c
 
 
System errors:
=============
Error: (05/27/2017 03:16:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (05/27/2017 03:16:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/27/2017 01:49:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/27/2017 01:49:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/27/2017 01:49:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/27/2017 01:49:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/27/2017 01:49:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/27/2017 01:26:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/27/2017 01:26:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/27/2017 01:26:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 4040.01 MB
Available physical RAM: 1792.63 MB
Total Virtual: 8078.21 MB
Available Virtual: 5821.93 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.31 GB) (Free:841.09 GB) NTFS
Drive d: (CANON_IJ) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C4E69C05)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
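The WinMgmt EventID 10 entries in the Application errors above refer to a WMI permanent event subscription (an __EventFilter in root\subscription) that the WMI service could not reactivate. Such subscriptions are a known persistence mechanism, so they are worth listing during triage even when the one logged turns out to be benign. The script below is an added example, not part of the thread or of FRST; it uses Get-WmiObject because Windows 7 ships PowerShell 2.0, and the function names (Get-RefName, Describe-Consumer) are this example's own. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: enumerate WMI permanent event subscriptions
# so the filter named in the EventID 10 entries can be traced to whatever
# consumer it is bound to. PowerShell 2.0 compatible (Windows 7 default).

$ns = 'root\subscription'

$filters   = @(Get-WmiObject -Namespace $ns -Class __EventFilter -ErrorAction SilentlyContinue)
$consumers = @(Get-WmiObject -Namespace $ns -Class __EventConsumer -ErrorAction SilentlyContinue)
$bindings  = @(Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding -ErrorAction SilentlyContinue)

# Pull the Name="..." part out of a binding's Filter/Consumer object path.
function Get-RefName([string]$ref) {
    $m = [regex]::Match($ref, 'Name="([^"]*)"')
    if ($m.Success) { $m.Groups[1].Value } else { $ref }
}

# What a consumer does depends on its concrete class (the base class is abstract).
function Describe-Consumer($c) {
    switch ($c.__CLASS) {
        'CommandLineEventConsumer'  { "runs: $($c.CommandLineTemplate)" }
        'ActiveScriptEventConsumer' { "script ($($c.ScriptingEngine)): $($c.ScriptText)" }
        'NTEventLogEventConsumer'   { "writes event log entry, source: $($c.SourceName)" }
        default                     { "class $($c.__CLASS)" }
    }
}

"=== Filters ($($filters.Count)) ==="
foreach ($f in $filters) {
    "{0}`n    namespace: {1}`n    query: {2}" -f $f.Name, $f.EventNamespace, $f.Query
}

"=== Bindings ($($bindings.Count)) ==="
foreach ($b in $bindings) {
    $fName = Get-RefName $b.Filter
    $cName = Get-RefName $b.Consumer
    $f = $filters   | Where-Object { $_.Name -eq $fName } | Select-Object -First 1
    $c = $consumers | Where-Object { $_.Name -eq $cName } | Select-Object -First 1
    $what = if ($c) { Describe-Consumer $c } else { 'consumer not found' }
    "{0}  ->  {1}  ({2})" -f $fName, $cName, $what
    if ($f) { "    query: $($f.Query)" }
}

# A filter bound to nothing never fires, but it still shows that something
# registered a subscription and left it behind.
$bound = $bindings | ForEach-Object { Get-RefName $_.Filter }
$filters | Where-Object { $bound -notcontains $_.Name } |
    ForEach-Object { "UNBOUND filter: $($_.Name)  query: $($_.Query)" }
```

Compare the query text of each filter against the one quoted in the EventID 10 description; the binding line tells you what would run when it fires, which is the part that matters for deciding whether it is a leftover or a persistence entry.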


#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 27 May 2017 - 07:22 PM

Hello :)

Ok, I want to run a small FRST fix to deal with the Zero Access infection, then 2 other tools to clean some other entries out. After that, let's get some fresh FRST logs to see what remains. :thumbup2:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Fix with FRST

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy.)

    Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Start:
CreateRestorePoint:
CloseProcesses:
C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Emptytemp:
End:



Step 2: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click adwcleaner.exe (Vista and 7 users: right click the adwcleaner.exe file and click Run as Administrator) and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
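The FRST fix in the post above deletes the directory RKill flagged and resets the firewall, DNS cache and BITS queue. The script below is an added example, not part of pystryker's instructions and not RKill's or FRST's own code: it looks for the same symptom before the fix and confirms the result afterwards. The path and the `$` plus 32 hex characters pattern come from the RKill line in the first post (C:\$RECYCLE.BIN\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\); treating any such directory under the LocalSystem SID as suspicious is this example's own heuristic, and the function names (Find-ZaRecycleDirs, Test-PostFix) are its own. RKill itself calls this a symptom, not proof, so corroborate before declaring an infection. Written for PowerShell 2.0 (Windows 7 default); run elevated.

```powershell
# Added example, not from the thread: check for the recycle-bin directory
# pattern RKill reported as a ZeroAccess symptom, and verify the FRST fix.
# PowerShell 2.0 compatible; assumes an English netsh for the firewall check.

$recycleRoot = Join-Path $env:SystemDrive '$Recycle.Bin'
$systemSid   = 'S-1-5-18'            # LocalSystem: normally has no recycle-bin content
$zaDirName   = '^\$[0-9a-f]{32}$'    # "$" + 32 hex chars, as in the RKill output

function Find-ZaRecycleDirs {
    # Walk every per-SID folder; a hit under the SYSTEM SID is the strongest signal.
    $hits = @()
    $sidDirs = @(Get-ChildItem -LiteralPath $recycleRoot -Force -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer })
    foreach ($sid in $sidDirs) {
        $children = @(Get-ChildItem -LiteralPath $sid.FullName -Force -ErrorAction SilentlyContinue |
                      Where-Object { $_.PSIsContainer -and $_.Name -match $zaDirName })
        foreach ($d in $children) {
            $names = @(Get-ChildItem -LiteralPath $d.FullName -Force -ErrorAction SilentlyContinue |
                       ForEach-Object { $_.Name })
            $hits += New-Object PSObject -Property @{
                Path         = $d.FullName
                Sid          = $sid.Name
                IsSystemSid  = ($sid.Name -eq $systemSid)
                Attributes   = $d.Attributes.ToString()
                # A reparse point on a recycle-bin entry is unusual and worth a look.
                ReparsePoint = (($d.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
                Contents     = ($names -join ', ')
            }
        }
    }
    return $hits
}

function Test-PostFix {
    # After the FRST fix: the directory should be gone and all three firewall
    # profiles ON. Windows 7 has no Get-NetFirewallProfile, so parse netsh.
    $remaining = @(Find-ZaRecycleDirs)
    $fwState   = netsh advfirewall show allprofiles state
    $onCount   = @($fwState | Select-String -Pattern 'State\s+ON').Count
    New-Object PSObject -Property @{
        ZaDirsRemaining = $remaining.Count
        FirewallAllOn   = ($onCount -eq 3)
    }
}

$found = @(Find-ZaRecycleDirs)
if ($found.Count -eq 0) {
    "No `$<32-hex> directories found under $recycleRoot"
} else {
    $found | Format-List Path, Sid, IsSystemSid, Attributes, ReparsePoint, Contents
}
Test-PostFix | Format-List
```

The Contents column lists what is inside each flagged directory so it can be quoted in the next reply; keep the listing rather than opening the files. The firewall check counts "State ON" lines, which is three on a healthy machine (Domain, Private, Public) after `netsh advfirewall set allprofiles state on`.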
