
Trojan.Agent Gen-Renamer, Virus.Renamer, Win.Virus.Gnamer-1


This topic is locked
13 replies to this topic

#1 patch18AT

  • Members
  • 28 posts
Posted 01 June 2017 - 01:05 PM

Hello,

Let me start by providing some background context. I ran a virus scan (using ClamAV, which came with the NAS) on my NAS and the results showed that I had files infected with Win.Virus.Gnamer-1. I deleted whatever infected files I had and ran scans again until it reported the NAS was clean.

I noticed these files were ones that I had copied from my laptop, so I ran a full scan on my laptop.

Lo and behold, both Malwarebytes and SuperAntiSpyware showed that I had been infected with Trojan.Agent Gen-Renamer and Virus.Renamer. I deleted/quarantined the infected files and ran scans again until both Malwarebytes and SuperAntiSpyware reported the laptop was clean.

I noticed when I went to turn off my computer I got a pop-up from Windows warning me that if I shut down the computer 'all users will be logged off'. I thought this was strange, as my profile is the only user on this laptop.

To be extra sure I also booted from USB into Kaspersky Rescue Disk and ran full scans of my laptop. Kaspersky reported back that some of my USB driver files were infected with Win.Renamer, so I deleted/quarantined whatever was dirty. I ran Kaspersky about 2-3 times until it reported no viruses found. I saw in the results of Kaspersky that it had deleted a few exes from the Guest user account. So I went to look in the C:\User\Guest\Desktop folder and there was an exe called DoNotPowerOff.exe and a couple of exes that I did not recognise - I deleted them.

I then booted into Safe mode and ran deep scans using Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials.

All reported that my computer was clean.

My question is - how do I know that I am actually clean without doing a format of my computer?

Thank you for your time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by barely broke (administrator) on BARELYBROKE-PC (01-06-2017 22:31:52)
Running from C:\Users\barely broke\Desktop
Loaded Profiles: barely broke (Available Profiles: barely broke & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\barely broke\Desktop\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2016-05-27] (Apple Computer, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {1b97dca8-2616-11e6-9c06-f04da269a6f1} - E:\AutoRun.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {1eb46f23-6f0f-11e5-ab3e-f04da269a6f1} - E:\startme.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {25e7ba1c-b4d3-11e4-a939-f04da269a6f1} - E:\startme.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {89247db2-88bd-11e4-b14b-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {d3b84e4c-882b-11e4-94b7-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SYSTEM32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-05-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar899.lnk [2017-05-31]
ShortcutTarget: Sidebar899.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1535247676-259750934-2603864087-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{08AC4C24-D7CB-4BE0-AF01-99E8FE78E58E}: [DhcpNameServer] 54.93.169.181 212.71.249.225
Tcpip\..\Interfaces\{0E0F1096-DB0D-49CB-9873-AC1E9D9C602F}: [NameServer] 54.252.183.4,54.252.183.5
Tcpip\..\Interfaces\{0E0F1096-DB0D-49CB-9873-AC1E9D9C602F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5CD01A13-24A1-4A54-8FC0-B6325FB78091}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{72DBA0FE-04F3-4D2A-ABF6-461B54287A5D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> DefaultScope {30B63421-98A8-4AE4-87CC-0CDA25543D26} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> {30B63421-98A8-4AE4-87CC-0CDA25543D26} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1535247676-259750934-2603864087-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default [2017-06-01]
CHR Extension: (Google Slides) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-23]
CHR Extension: (Google Docs) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-23]
CHR Extension: (Google Drive) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-23]
CHR Extension: (YouTube) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-23]
CHR Extension: (Tampermonkey) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-26]
CHR Extension: (Google Sheets) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (AdBlock) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-10]
CHR Extension: (New Tab Reloaded) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Profile: C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-05-31]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-26] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-08] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-18] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-10-05] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-01-10] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-01 22:31 - 2017-06-01 22:32 - 00022091 _____ C:\Users\barely broke\Desktop\FRST.txt
2017-06-01 22:31 - 2017-06-01 22:31 - 02431488 _____ (Farbar) C:\Users\barely broke\Desktop\FRST64.exe
2017-06-01 22:31 - 2017-06-01 22:31 - 00000000 ____D C:\FRST
2017-06-01 22:25 - 2017-06-01 22:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\barely broke\Desktop\HijackThis.exe
2017-06-01 14:41 - 2017-06-02 08:17 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-06-01 00:04 - 2017-06-01 00:04 - 00000000 ____D C:\ProgramData\WindowsTask
2017-06-01 00:04 - 2017-06-01 00:04 - 00000000 ____D C:\ProgramData\System32
2017-06-01 00:02 - 2017-06-01 00:02 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2017-06-01 00:01 - 2017-06-01 00:01 - 00117392 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel Corporation
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2017-06-01 00:00 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2017-06-01 00:00 - 2017-06-01 00:00 - 00002255 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2017-06-01 00:00 - 2017-06-01 00:00 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-01 00:00 - 2017-06-01 00:00 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2017-05-31 23:59 - 2017-05-31 23:59 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\My Documents
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 ____D C:\Users\Guest
2017-05-31 23:59 - 2015-07-26 01:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2017-05-31 23:59 - 2015-03-22 23:25 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TuneUp Software
2017-05-31 23:59 - 2009-07-14 17:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2017-05-31 03:59 - 2017-05-31 04:00 - 00000000 ____D C:\Program Files (x86)\DVDFab 10
2017-05-31 03:59 - 2017-05-31 03:59 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-31 03:59 - 2017-05-31 03:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-30 21:25 - 2017-05-30 21:25 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\995
2017-05-30 20:29 - 2017-05-30 20:29 - 00000000 ____D C:\Users\barely broke\Documents\DVDFab9
2017-05-30 20:29 - 2017-05-30 20:29 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\DVDFab9
2017-05-30 20:28 - 2017-05-31 04:01 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2017-05-29 22:00 - 2017-05-29 22:00 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\20455
2017-05-28 07:09 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_05_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_04_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_03_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_02_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00014336 _____ C:\Windows\SysWOW64\(null)VTS_01_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00010240 _____ C:\Windows\SysWOW64\(null)VIDEO_TS.IFO
2017-05-28 05:20 - 2017-05-28 05:40 - 00000000 ____D C:\Users\barely broke\Desktop\Output
2017-05-28 05:19 - 2017-05-31 06:31 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2017-05-28 05:19 - 2017-05-31 06:30 - 00000000 ____D C:\Program Files\HandBrake
2017-05-28 05:19 - 2017-05-28 05:21 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\HandBrake
2017-05-28 05:19 - 2017-05-28 05:19 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\HandBrake Team
2017-05-28 04:38 - 2017-05-30 22:34 - 00000000 ____D C:\Users\barely broke\Desktop\Emperor
2017-05-28 04:37 - 2017-05-31 04:01 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\DVDFab10
2017-05-28 04:37 - 2017-05-28 04:37 - 00000087 _____ C:\Users\barely broke\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2017-05-28 04:36 - 2017-05-28 04:37 - 00000000 ____D C:\Users\barely broke\Documents\DVDFab10
2017-05-26 06:48 - 2017-05-26 06:48 - 00012156 _____ C:\Users\barely broke\Desktop\Book1.xlsx
2017-05-18 18:19 - 2017-05-18 18:19 - 00046741 _____ C:\Users\barely broke\Desktop\Newport.pdf
2017-05-10 21:23 - 2017-04-28 11:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 21:23 - 2017-04-28 11:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 21:23 - 2017-04-28 11:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 21:23 - 2017-04-28 11:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 21:23 - 2017-04-28 11:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 21:23 - 2017-04-28 11:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 21:23 - 2017-04-28 10:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 21:23 - 2017-04-28 10:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 21:23 - 2017-04-28 10:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 21:23 - 2017-04-28 10:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 21:23 - 2017-04-28 10:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 21:23 - 2017-04-28 10:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 21:23 - 2017-04-28 10:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 21:23 - 2017-04-28 10:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 21:23 - 2017-04-28 10:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 21:23 - 2017-04-28 10:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 21:23 - 2017-04-28 10:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 21:23 - 2017-04-28 10:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:23 - 2017-04-27 00:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 21:23 - 2017-04-22 01:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 21:23 - 2017-04-22 01:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 21:23 - 2017-04-18 00:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 21:23 - 2017-04-13 01:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 21:23 - 2017-04-08 01:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 21:23 - 2017-04-08 01:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 21:23 - 2017-04-08 01:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 21:23 - 2017-04-08 01:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 21:23 - 2017-04-08 01:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 21:23 - 2017-04-06 00:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 21:23 - 2017-04-06 00:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 21:23 - 2017-04-06 00:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 21:23 - 2017-04-05 00:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 21:23 - 2017-04-05 00:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 21:14 - 2017-03-23 01:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-10 21:14 - 2017-03-23 01:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-10 21:14 - 2017-03-23 01:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-10 21:14 - 2017-03-23 01:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-10 21:14 - 2017-03-23 01:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-10 21:14 - 2017-03-23 01:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-10 21:14 - 2017-03-23 01:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-10 21:14 - 2017-03-23 01:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-10 21:14 - 2017-03-23 01:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-10 21:14 - 2017-03-11 02:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-10 21:14 - 2017-03-11 02:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-10 21:14 - 2017-03-11 02:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-10 21:14 - 2017-03-11 02:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-10 21:14 - 2017-03-11 02:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-10 21:14 - 2017-03-11 01:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-10 21:14 - 2017-03-08 02:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-10 21:14 - 2017-03-08 02:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-10 21:14 - 2017-03-08 00:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-10 21:14 - 2017-03-04 11:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-10 21:14 - 2017-03-04 11:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-10 21:14 - 2017-03-04 11:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-10 21:14 - 2017-03-04 11:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-10 21:14 - 2016-03-24 08:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-10 21:14 - 2016-03-24 08:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-10 21:06 - 2017-02-10 02:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-10 21:06 - 2017-02-10 02:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-10 21:06 - 2017-02-10 02:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-10 21:06 - 2017-02-10 02:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-10 21:06 - 2017-01-14 04:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-10 21:06 - 2017-01-14 03:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-10 21:06 - 2017-01-12 04:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-10 21:06 - 2017-01-12 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-10 21:05 - 2017-02-11 02:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-10 21:05 - 2017-02-11 02:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-10 21:05 - 2017-02-11 00:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-10 21:05 - 2017-02-10 02:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-10 21:05 - 2017-02-10 01:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-10 21:05 - 2017-02-10 00:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-10 21:05 - 2017-02-10 00:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-10 21:05 - 2017-02-07 02:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-10 21:05 - 2017-01-14 04:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 21:05 - 2017-01-14 03:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 21:05 - 2017-01-12 04:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-10 21:05 - 2017-01-12 03:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-10 21:05 - 2016-10-08 23:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-01 22:29 - 2009-07-14 14:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 22:29 - 2009-07-14 14:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 22:26 - 2009-07-14 15:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-01 22:26 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2017-06-01 22:22 - 2017-02-26 02:24 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2017-06-01 22:22 - 2017-02-26 02:24 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-06-01 22:22 - 2014-12-20 18:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-01 22:22 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 22:20 - 2014-12-29 00:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-01 00:05 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-05-31 08:48 - 2017-03-25 00:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-31 08:48 - 2017-02-04 01:12 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-05-31 08:48 - 2017-02-03 23:36 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-31 08:48 - 2016-05-23 12:32 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-31 08:48 - 2015-07-27 02:02 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-05-31 08:48 - 2015-07-26 01:53 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-05-31 08:48 - 2015-01-18 23:41 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-05-31 08:48 - 2014-12-31 04:11 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
2017-05-31 08:48 - 2014-12-29 00:27 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-05-31 08:48 - 2014-12-29 00:27 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-05-31 08:48 - 2014-12-28 22:39 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-05-31 08:48 - 2014-12-21 13:02 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-05-31 08:48 - 2014-12-21 13:02 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-05-31 08:48 - 2014-12-20 18:12 - 00001389 _____ C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-05-31 08:48 - 2009-07-14 14:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-05-31 08:47 - 2009-07-14 15:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-05-31 08:47 - 2009-07-14 14:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-05-31 08:45 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\Globalization
2017-05-31 06:31 - 2017-02-26 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2017-05-31 06:31 - 2016-09-13 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2017-05-31 06:31 - 2016-09-01 22:32 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2017-05-31 06:31 - 2016-08-19 18:45 - 00000000 ____D C:\php
2017-05-31 06:31 - 2016-05-25 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-05-31 06:31 - 2016-01-08 02:33 - 00000000 ____D C:\Users\barely broke\.flashTool
2017-05-31 06:31 - 2016-01-08 02:32 - 00000000 ____D C:\Flashtool
2017-05-31 06:31 - 2015-07-26 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2017-05-31 06:31 - 2015-01-24 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creevity Mp3 Cover Downloader
2017-05-31 06:30 - 2017-03-25 00:05 - 00000000 ____D C:\Program Files\iTunes
2017-05-31 06:30 - 2016-09-10 02:06 - 00000000 ____D C:\adb
2017-05-31 06:30 - 2016-07-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 06:30 - 2016-05-25 02:04 - 00000000 ____D C:\Program Files\TAP-Windows
2017-05-31 06:30 - 2016-05-25 02:04 - 00000000 ____D C:\Program Files\OpenVPN
2017-05-31 06:30 - 2015-09-29 15:47 - 00000000 ____D C:\Program Files\DriversCloud.com
2017-05-31 06:30 - 2015-08-15 01:33 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-05-31 06:30 - 2015-01-24 01:33 - 00000000 ____D C:\Program Files\Creevity Mp3 Cover Downloader
2017-05-31 06:30 - 2014-12-29 00:32 - 00000000 ____D C:\Program Files\CCleaner
2017-05-31 06:30 - 2014-12-29 00:01 - 00000000 ____D C:\Program Files\PowerISO
2017-05-31 06:30 - 2014-12-20 18:44 - 00000000 ____D C:\Program Files\WinRAR
2017-05-31 06:18 - 2014-12-10 16:47 - 00000000 ____D C:\Users\barely broke\Documents\Registry Backups
2017-05-31 06:17 - 2014-12-29 00:49 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\uTorrent
2017-05-31 06:10 - 2015-04-09 15:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-31 06:05 - 2017-02-04 01:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-05-30 22:33 - 2014-12-29 00:37 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\vlc
2017-05-30 20:27 - 2016-07-27 14:03 - 00000000 ____D C:\Users\barely broke\Documents\Receipts
2017-05-30 18:06 - 2015-02-10 01:58 - 00000000 ____D C:\Users\barely broke\AppData\Local\ElevatedDiagnostics
2017-05-29 22:21 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-29 21:35 - 2015-06-29 22:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-17 05:50 - 2015-06-29 22:50 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\TeamViewer
2017-05-17 05:50 - 2015-02-13 16:20 - 00000000 ____D C:\Users\barely broke\AppData\Local\CrashDumps
2017-05-16 22:09 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2017-05-14 21:40 - 2015-01-21 13:39 - 05039280 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 22:36 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-10 21:40 - 2015-07-19 18:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 21:40 - 2015-07-19 18:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 21:40 - 2015-07-19 18:10 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 21:40 - 2015-07-19 18:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 21:40 - 2015-07-19 18:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 21:01 - 2016-05-23 12:31 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-10 21:01 - 2016-05-23 12:31 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-05-28 04:37 - 2017-05-28 04:37 - 0000087 _____ () C:\Users\barely broke\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2015-10-22 23:36 - 2015-10-23 12:49 - 0000132 _____ () C:\Users\barely broke\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-07-26 11:41 - 2016-09-03 03:15 - 0000132 _____ () C:\Users\barely broke\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-11-05 13:12 - 2015-11-05 13:12 - 0000014 _____ () C:\Users\barely broke\AppData\Roaming\Network Meter_Usage.ini
2014-12-30 02:35 - 2015-11-05 12:48 - 0000435 _____ () C:\Users\barely broke\AppData\Roaming\Weather Meter_Settings.ini
2015-11-05 13:07 - 2015-11-05 13:09 - 0000490 _____ () C:\Users\barely broke\AppData\Roaming\Weather Monitor_Settings.ini
2015-03-04 02:16 - 2016-09-01 18:31 - 45700992 _____ (Sony) C:\Users\barely broke\AppData\Local\pcc.exe
2016-12-20 10:57 - 2016-12-20 11:05 - 0007666 _____ () C:\Users\barely broke\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\barely broke\IP_Log_Data.js
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-24 22:31
 
==================== End of FRST.txt ============================

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 02 June 2017 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Tampermonkey) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please include for my review the Addition.txt file that was created by the Farbar program.


Let me know if there are any issues with this computer.
===

#3 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 02 June 2017 - 09:22 AM

Hi nasdaq,
 
Thank you for giving me your time - I'm most grateful.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2017
Ran by barely broke (03-06-2017 00:16:14) Run:1
Running from C:\Users\barely broke\Desktop
Loaded Profiles: barely broke (Available Profiles: barely broke & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Tampermonkey) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => moved successfully
C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10090172 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 938932 B
Edge => 0 B
Chrome => 454231659 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66788 B
LocalService => 132244 B
NetworkService => 1536452 B
barely broke => 22435651 B
Guest => 76143 B
 
RecycleBin => 436853979 B
EmptyTemp: => 891.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:16:30 ====



#4 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 02 June 2017 - 09:23 AM

I couldn't find a way to attach the Addition.txt file so I have pasted it below here.

 

I am a little concerned though, as I had left the Addition.txt file on my desktop from when I first ran Farbar, when I first posted. I don't know if there was a new one that was created?

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2017
Ran by barely broke (01-06-2017 22:32:21)
Running from C:\Users\barely broke\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-20 08:12:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1535247676-259750934-2603864087-500 - Administrator - Disabled)
barely broke (S-1-5-21-1535247676-259750934-2603864087-1000 - Administrator - Enabled) => C:\Users\barely broke
Guest (S-1-5-21-1535247676-259750934-2603864087-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1535247676-259750934-2603864087-1008 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArchiCAD 11 INT (HKLM-x32\...\001FFFFFFF11FF00FF0701F02F02F000-R1) (Version:  - )
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Help - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 Help - English (HKLM\...\AutoCAD 2015 Help - English) (Version: 20.0.51.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)
DriversCloud.com (64 bits) (HKLM\...\{7F704A24-8DA3-4255-BD8A-6D2E3EB4193E}) (Version: 10.0.3.0 - Cybelsoft)
DVDFab 10.0.3.9 (16/05/2017) (HKLM-x32\...\DVDFab 10) (Version: 10.0.3.9 - Fengtao Software Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.22.3 - Androxyde)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
iViewRipper 2.2 {27th July 2016} (HKLM-x32\...\iViewRipper) (Version: 2.2 {27th July 2016} - iViewRipper)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1311 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.106.12020 (HKLM-x32\...\{DB6F4DEE-AA55-27F5-EC63-774047889DB5}) (Version: 2.16.106.12020 - Sony)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
Nero 11 Mini Repack (HKLM-x32\...\NMMS11) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenVPN 2.3.11-I601  (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
QuickTime (HKLM-x32\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.1 - Apple Computer, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.104.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RT 7 Lite (64-Bit) (HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\RT 7 Lite x64) (Version: 2.6.0 - Rockers Team)
RT 7 Lite x64 (Version: 2.6.0 - Rockers Team) Hidden
SBSRipper 1.25 {23rd Feb 2017} (HKLM-x32\...\SBSRipper) (Version: 1.25 {23rd Feb 2017} - SBSRipper)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.12.201608221014 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1535247676-259750934-2603864087-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1535247676-259750934-2603864087-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1535247676-259750934-2603864087-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {45C43BAD-9306-41BF-870B-0B4266E383EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
Task: {56C1B640-43BE-4EB4-8B7F-65202B82540A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-02-26] ()
Task: {5A58A414-4EAC-4347-9D22-F1D579343B91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe 
Task: {8F561748-70FC-47F5-BEF4-30EF1CC5D704} - System32\Tasks\{F2B2899D-5BF0-433D-8ED2-4123CABDA1AF} => pcalua.exe -a "C:\Users\barely broke\Desktop\USB\usb3drvinst-msi_USB3-Host-10180b.exe" -d "C:\Users\barely broke\Desktop\USB"
Task: {9D8867F0-8FFC-4F5A-873E-F3BBB783DD6B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe 
Task: {D07C77FB-8F2D-4DE3-A880-C7CDBFCA186D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {F16DC10C-5E9B-476C-BD93-B82C42BC03FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10\DVDFab Online.lnk -> hxxp://www.dvdfab.cn/
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-20 18:44 - 2017-02-10 08:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-16 15:08 - 2017-03-16 15:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 15:08 - 2017-03-16 15:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-29 04:07 - 2016-03-29 04:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-12-20 19:46 - 2010-09-24 09:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2017-03-22 17:14 - 2017-03-22 17:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-22 17:14 - 2017-03-22 17:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-17 11:49 - 2017-05-09 19:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-17 11:49 - 2017-05-09 19:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-02-26 01:21 - 2017-02-26 01:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2017-02-26 01:21 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\dell.com -> dell.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2016-06-27 18:16 - 00001878 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
172.1.6.9 www.iphonebackupextractor.com
127.0.0.1 campaign.avg.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 54.252.183.4 - 54.252.183.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7257F78D-8BA8-4331-B0C8-C98FF838894B}] => (Allow) LPort=48113
FirewallRules: [{BB4874A1-B328-4393-98F6-B1C16465DB7F}] => (Allow) LPort=48114
FirewallRules: [TCP Query User{6D361D0E-46BA-4A0F-BB2A-0B3DE1AC0949}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{94D5130A-BDC5-483A-8D38-640FBE182E27}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{D0265E92-39B2-46AD-97C8-6E205B0CBE43}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{408F81FF-6192-44B5-8C15-4AB5EF36709E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4306E08A-966F-4B42-BC0D-BB6A1178CFBF}C:\program files (x86)\graphisoft\archicad 11\archicad.exe] => (Block) C:\program files (x86)\graphisoft\archicad 11\archicad.exe
FirewallRules: [UDP Query User{BB80A6AD-C0A8-44A2-8AD6-3241DA0EE6DE}C:\program files (x86)\graphisoft\archicad 11\archicad.exe] => (Block) C:\program files (x86)\graphisoft\archicad 11\archicad.exe
FirewallRules: [TCP Query User{F3C9CAD7-C1F9-4A07-B6F2-EAE601C087D1}C:\program files (x86)\graphisoft\archicad 11\archicad.exe] => (Allow) C:\program files (x86)\graphisoft\archicad 11\archicad.exe
FirewallRules: [UDP Query User{CF92727F-D764-4EBB-8AE4-A1A88FEBEEF0}C:\program files (x86)\graphisoft\archicad 11\archicad.exe] => (Allow) C:\program files (x86)\graphisoft\archicad 11\archicad.exe
FirewallRules: [{D450B9AA-32A0-4C97-B141-AC223F36B6BF}] => (Allow) LPort=5353
FirewallRules: [{54A36238-7425-497B-9C14-03E26AAD8850}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{5DAA4190-93C3-4549-872C-C6C9190F2F94}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{5A64462C-A00C-4B5D-BF4E-706F75A9B0D6}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{D6CB45EE-D78E-44FE-898F-3EC7080052A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3C5A1AA-456A-411F-BDE9-1AECAD4B6652}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{1356E0A0-4117-484E-8044-74A20CE45C3D}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{C04AB77D-258B-46BF-A428-66EFF4492C45}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BA79643-6FEA-4DC9-8E94-0CBC09EDD7A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81301A4A-D952-4C9A-B238-5E1B45F254AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94D4E8EC-98C5-4523-B922-098B52009C03}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2CD614DA-D9E0-4E2A-81B8-BB316BB69870}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EF7AA19-407F-43AB-ABC0-FBF49890B824}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46E797F8-586B-42F7-BEA9-3DBEED256B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA0CDAAD-ACE8-40AD-8A09-2F74E8D0F507}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6260B35-E134-40F0-9282-3F513B733239}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20DB9EB5-5461-4403-8E54-97EE654AE468}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DC625BD1-B6F4-4719-AA0A-92FFB7DFB037}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{28B8120E-0C6E-48EF-8123-409161FE4751}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [TCP Query User{A8389768-207E-496D-AF53-A6360983ED74}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{B1C6BF48-6935-423F-9FB1-3623A69BE40E}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe
 
==================== Restore Points =========================
 
29-03-2017 19:27:23 Windows Update
04-04-2017 18:16:17 Windows Update
19-04-2017 21:27:01 Windows Update
10-05-2017 21:05:44 Windows Update
10-05-2017 21:14:14 Windows Update
10-05-2017 21:22:56 Windows Update
16-05-2017 17:06:18 Windows Update
19-05-2017 21:27:06 Windows Update
23-05-2017 21:29:19 Windows Update
28-05-2017 04:44:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom BCM2070 Bluetooth 3.0 USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/31/2017 08:47:29 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (05/31/2017 08:47:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3648) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0011C.log.
 
 
System errors:
=============
Error: (06/01/2017 04:21:49 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
Error: (06/01/2017 03:21:43 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
Error: (06/01/2017 02:21:12 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
Error: (06/01/2017 01:20:49 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
Error: (06/01/2017 12:20:42 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
Error: (06/01/2017 12:04:22 AM) (Source: DCOM) (EventID: 10016) (User: barelybroke-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user barelybroke-PC\Guest SID (S-1-5-21-1535247676-259750934-2603864087-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/01/2017 12:04:21 AM) (Source: DCOM) (EventID: 10016) (User: barelybroke-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user barelybroke-PC\Guest SID (S-1-5-21-1535247676-259750934-2603864087-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/01/2017 12:01:16 AM) (Source: DCOM) (EventID: 10016) (User: barelybroke-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user barelybroke-PC\Guest SID (S-1-5-21-1535247676-259750934-2603864087-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/01/2017 12:00:54 AM) (Source: DCOM) (EventID: 10016) (User: barelybroke-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user barelybroke-PC\Guest SID (S-1-5-21-1535247676-259750934-2603864087-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/31/2017 11:50:09 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 91.218.192.234.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-01 00:00:14.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 06:23:50.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_c020e6d81669811a\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 06:23:50.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_c020e6d81669811a\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 06:23:50.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_c020e6d81669811a\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 06:23:50.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_c020e6d81669811a\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 19:08:57.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_bff7a9a2168820b3\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 19:08:57.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_bff7a9a2168820b3\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 19:08:57.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_bff7a9a2168820b3\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 19:08:57.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_bff7a9a2168820b3\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 19:08:57.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\barely broke\Desktop\TEMP\RT_Mount\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_b5a2ff4fe2275eb8\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 840 @ 1.87GHz
Percentage of memory in use: 37%
Total physical RAM: 8124.38 MB
Available physical RAM: 5070.7 MB
Total Virtual: 16246.94 MB
Available Virtual: 12863.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:86.78 GB) NTFS
Drive e: (YODA) (Removable) (Total:7.48 GB) (Free:7.15 GB) FAT32
Drive z: (Multimedia) (Network) (Total:5511.04 GB) (Free:2897.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5FE250AB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 275E50C0)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#5 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 02 June 2017 - 12:29 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Addition.txt file was created on June 1. It's ok with me.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


CustomCLSID: HKU\S-1-5-21-1535247676-259750934-2603864087-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1535247676-259750934-2603864087-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
Task: {56C1B640-43BE-4EB4-8B7F-65202B82540A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-02-26] ()
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\Tasks\AutoKMS.job

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)


Any remaining issues with this computer?

#6 patch18AT

  • Topic Starter
  • Members
  • 28 posts
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 03 June 2017 - 11:25 AM

Hello nasdaq,

Here is the log you requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by barely broke (administrator) on BARELYBROKE-PC (01-06-2017 22:31:52)
Running from C:\Users\barely broke\Desktop
Loaded Profiles: barely broke (Available Profiles: barely broke & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\barely broke\Desktop\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2016-05-27] (Apple Computer, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {1b97dca8-2616-11e6-9c06-f04da269a6f1} - E:\AutoRun.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {1eb46f23-6f0f-11e5-ab3e-f04da269a6f1} - E:\startme.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {25e7ba1c-b4d3-11e4-a939-f04da269a6f1} - E:\startme.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {89247db2-88bd-11e4-b14b-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\...\MountPoints2: {d3b84e4c-882b-11e4-94b7-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1535247676-259750934-2603864087-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SYSTEM32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-05-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar899.lnk [2017-05-31]
ShortcutTarget: Sidebar899.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1535247676-259750934-2603864087-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{08AC4C24-D7CB-4BE0-AF01-99E8FE78E58E}: [DhcpNameServer] 54.93.169.181 212.71.249.225
Tcpip\..\Interfaces\{0E0F1096-DB0D-49CB-9873-AC1E9D9C602F}: [NameServer] 54.252.183.4,54.252.183.5
Tcpip\..\Interfaces\{0E0F1096-DB0D-49CB-9873-AC1E9D9C602F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5CD01A13-24A1-4A54-8FC0-B6325FB78091}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{72DBA0FE-04F3-4D2A-ABF6-461B54287A5D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> DefaultScope {30B63421-98A8-4AE4-87CC-0CDA25543D26} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1535247676-259750934-2603864087-1000 -> {30B63421-98A8-4AE4-87CC-0CDA25543D26} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1535247676-259750934-2603864087-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default [2017-06-01]
CHR Extension: (Google Slides) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-23]
CHR Extension: (Google Docs) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-23]
CHR Extension: (Google Drive) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-23]
CHR Extension: (YouTube) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-23]
CHR Extension: (Tampermonkey) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-26]
CHR Extension: (Google Sheets) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (AdBlock) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-10]
CHR Extension: (New Tab Reloaded) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Profile: C:\Users\barely broke\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-05-31]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-26] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-08] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-18] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-10-05] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-01-10] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-01 22:31 - 2017-06-01 22:32 - 00022091 _____ C:\Users\barely broke\Desktop\FRST.txt
2017-06-01 22:31 - 2017-06-01 22:31 - 02431488 _____ (Farbar) C:\Users\barely broke\Desktop\FRST64.exe
2017-06-01 22:31 - 2017-06-01 22:31 - 00000000 ____D C:\FRST
2017-06-01 22:25 - 2017-06-01 22:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\barely broke\Desktop\HijackThis.exe
2017-06-01 14:41 - 2017-06-02 08:17 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-06-01 00:04 - 2017-06-01 00:04 - 00000000 ____D C:\ProgramData\WindowsTask
2017-06-01 00:04 - 2017-06-01 00:04 - 00000000 ____D C:\ProgramData\System32
2017-06-01 00:02 - 2017-06-01 00:02 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2017-06-01 00:01 - 2017-06-01 00:01 - 00117392 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel Corporation
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2017-06-01 00:01 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2017-06-01 00:00 - 2017-06-01 00:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2017-06-01 00:00 - 2017-06-01 00:00 - 00002255 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2017-06-01 00:00 - 2017-06-01 00:00 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-01 00:00 - 2017-06-01 00:00 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2017-05-31 23:59 - 2017-05-31 23:59 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\My Documents
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2017-05-31 23:59 - 2017-05-31 23:59 - 00000000 ____D C:\Users\Guest
2017-05-31 23:59 - 2015-07-26 01:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2017-05-31 23:59 - 2015-03-22 23:25 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TuneUp Software
2017-05-31 23:59 - 2009-07-14 17:45 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2017-05-31 03:59 - 2017-05-31 04:00 - 00000000 ____D C:\Program Files (x86)\DVDFab 10
2017-05-31 03:59 - 2017-05-31 03:59 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-31 03:59 - 2017-05-31 03:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-30 21:25 - 2017-05-30 21:25 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\995
2017-05-30 20:29 - 2017-05-30 20:29 - 00000000 ____D C:\Users\barely broke\Documents\DVDFab9
2017-05-30 20:29 - 2017-05-30 20:29 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\DVDFab9
2017-05-30 20:28 - 2017-05-31 04:01 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2017-05-29 22:00 - 2017-05-29 22:00 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\20455
2017-05-28 07:09 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_05_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_04_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_03_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00049152 _____ C:\Windows\SysWOW64\(null)VTS_02_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00014336 _____ C:\Windows\SysWOW64\(null)VTS_01_0.IFO
2017-05-28 06:25 - 2017-05-28 08:17 - 00010240 _____ C:\Windows\SysWOW64\(null)VIDEO_TS.IFO
2017-05-28 05:20 - 2017-05-28 05:40 - 00000000 ____D C:\Users\barely broke\Desktop\Output
2017-05-28 05:19 - 2017-05-31 06:31 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2017-05-28 05:19 - 2017-05-31 06:30 - 00000000 ____D C:\Program Files\HandBrake
2017-05-28 05:19 - 2017-05-28 05:21 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\HandBrake
2017-05-28 05:19 - 2017-05-28 05:19 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\HandBrake Team
2017-05-28 04:38 - 2017-05-30 22:34 - 00000000 ____D C:\Users\barely broke\Desktop\Emperor
2017-05-28 04:37 - 2017-05-31 04:01 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\DVDFab10
2017-05-28 04:37 - 2017-05-28 04:37 - 00000087 _____ C:\Users\barely broke\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2017-05-28 04:36 - 2017-05-28 04:37 - 00000000 ____D C:\Users\barely broke\Documents\DVDFab10
2017-05-26 06:48 - 2017-05-26 06:48 - 00012156 _____ C:\Users\barely broke\Desktop\Book1.xlsx
2017-05-18 18:19 - 2017-05-18 18:19 - 00046741 _____ C:\Users\barely broke\Desktop\Newport.pdf
2017-05-10 21:23 - 2017-04-28 11:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 21:23 - 2017-04-28 11:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 21:23 - 2017-04-28 11:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 21:23 - 2017-04-28 11:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 21:23 - 2017-04-28 11:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 21:23 - 2017-04-28 11:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 21:23 - 2017-04-28 11:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 11:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 21:23 - 2017-04-28 10:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 21:23 - 2017-04-28 10:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 21:23 - 2017-04-28 10:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 21:23 - 2017-04-28 10:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 21:23 - 2017-04-28 10:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 21:23 - 2017-04-28 10:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 21:23 - 2017-04-28 10:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 21:23 - 2017-04-28 10:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 21:23 - 2017-04-28 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 21:23 - 2017-04-28 10:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 21:23 - 2017-04-28 10:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 21:23 - 2017-04-28 10:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 21:23 - 2017-04-28 10:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 21:23 - 2017-04-28 10:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 21:23 - 2017-04-28 10:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 21:23 - 2017-04-27 00:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 21:23 - 2017-04-22 01:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 21:23 - 2017-04-22 01:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 21:23 - 2017-04-18 01:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 21:23 - 2017-04-18 01:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 21:23 - 2017-04-18 00:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 21:23 - 2017-04-13 01:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 21:23 - 2017-04-13 01:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 21:23 - 2017-04-13 01:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 21:23 - 2017-04-08 01:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 21:23 - 2017-04-08 01:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 21:23 - 2017-04-08 01:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 21:23 - 2017-04-08 01:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 21:23 - 2017-04-08 01:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 21:23 - 2017-04-06 00:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 21:23 - 2017-04-06 00:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 21:23 - 2017-04-06 00:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 21:23 - 2017-04-05 01:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 21:23 - 2017-04-05 00:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 21:23 - 2017-04-05 00:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 21:14 - 2017-03-23 01:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-10 21:14 - 2017-03-23 01:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-10 21:14 - 2017-03-23 01:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-10 21:14 - 2017-03-23 01:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-10 21:14 - 2017-03-23 01:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-10 21:14 - 2017-03-23 01:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-10 21:14 - 2017-03-23 01:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-10 21:14 - 2017-03-23 01:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-10 21:14 - 2017-03-23 01:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-10 21:14 - 2017-03-23 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-10 21:14 - 2017-03-23 01:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-10 21:14 - 2017-03-11 02:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-10 21:14 - 2017-03-11 02:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-10 21:14 - 2017-03-11 02:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-10 21:14 - 2017-03-11 02:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-10 21:14 - 2017-03-11 02:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-10 21:14 - 2017-03-11 02:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-10 21:14 - 2017-03-11 01:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-10 21:14 - 2017-03-08 02:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-10 21:14 - 2017-03-08 02:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-10 21:14 - 2017-03-08 00:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-10 21:14 - 2017-03-04 11:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-10 21:14 - 2017-03-04 11:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-10 21:14 - 2017-03-04 11:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-10 21:14 - 2017-03-04 11:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-10 21:14 - 2016-03-24 08:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-10 21:14 - 2016-03-24 08:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-10 21:06 - 2017-02-10 02:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-10 21:06 - 2017-02-10 02:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-10 21:06 - 2017-02-10 02:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-10 21:06 - 2017-02-10 02:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-10 21:06 - 2017-01-14 04:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-10 21:06 - 2017-01-14 03:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-10 21:06 - 2017-01-12 04:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-10 21:06 - 2017-01-12 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-10 21:05 - 2017-02-11 02:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-10 21:05 - 2017-02-11 02:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-10 21:05 - 2017-02-11 00:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-10 21:05 - 2017-02-10 02:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-10 21:05 - 2017-02-10 01:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-10 21:05 - 2017-02-10 00:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-10 21:05 - 2017-02-10 00:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-10 21:05 - 2017-02-07 02:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-10 21:05 - 2017-01-14 04:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 21:05 - 2017-01-14 03:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 21:05 - 2017-01-12 04:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-10 21:05 - 2017-01-12 03:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-10 21:05 - 2016-10-08 23:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-01 22:29 - 2009-07-14 14:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 22:29 - 2009-07-14 14:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 22:26 - 2009-07-14 15:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-01 22:26 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2017-06-01 22:22 - 2017-02-26 02:24 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2017-06-01 22:22 - 2017-02-26 02:24 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-06-01 22:22 - 2014-12-20 18:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-01 22:22 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 22:20 - 2014-12-29 00:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-01 00:05 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-05-31 08:48 - 2017-03-25 00:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-31 08:48 - 2017-02-04 01:12 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-05-31 08:48 - 2017-02-03 23:36 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-31 08:48 - 2016-05-23 12:32 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-31 08:48 - 2015-07-27 02:02 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-05-31 08:48 - 2015-07-26 01:53 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-05-31 08:48 - 2015-01-18 23:41 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-05-31 08:48 - 2014-12-31 04:11 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
2017-05-31 08:48 - 2014-12-29 00:27 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-05-31 08:48 - 2014-12-29 00:27 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-05-31 08:48 - 2014-12-28 22:39 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-05-31 08:48 - 2014-12-21 13:02 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-05-31 08:48 - 2014-12-21 13:02 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-05-31 08:48 - 2014-12-20 18:12 - 00001389 _____ C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-05-31 08:48 - 2009-07-14 14:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-05-31 08:48 - 2009-07-14 14:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-05-31 08:47 - 2009-07-14 15:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-05-31 08:47 - 2009-07-14 14:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-05-31 08:45 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\Globalization
2017-05-31 06:31 - 2017-02-26 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2017-05-31 06:31 - 2016-09-13 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2017-05-31 06:31 - 2016-09-01 22:32 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2017-05-31 06:31 - 2016-08-19 18:45 - 00000000 ____D C:\php
2017-05-31 06:31 - 2016-05-25 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-05-31 06:31 - 2016-01-08 02:33 - 00000000 ____D C:\Users\barely broke\.flashTool
2017-05-31 06:31 - 2016-01-08 02:32 - 00000000 ____D C:\Flashtool
2017-05-31 06:31 - 2015-07-26 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2017-05-31 06:31 - 2015-01-24 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creevity Mp3 Cover Downloader
2017-05-31 06:30 - 2017-03-25 00:05 - 00000000 ____D C:\Program Files\iTunes
2017-05-31 06:30 - 2016-09-10 02:06 - 00000000 ____D C:\adb
2017-05-31 06:30 - 2016-07-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 06:30 - 2016-05-25 02:04 - 00000000 ____D C:\Program Files\TAP-Windows
2017-05-31 06:30 - 2016-05-25 02:04 - 00000000 ____D C:\Program Files\OpenVPN
2017-05-31 06:30 - 2015-09-29 15:47 - 00000000 ____D C:\Program Files\DriversCloud.com
2017-05-31 06:30 - 2015-08-15 01:33 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-05-31 06:30 - 2015-01-24 01:33 - 00000000 ____D C:\Program Files\Creevity Mp3 Cover Downloader
2017-05-31 06:30 - 2014-12-29 00:32 - 00000000 ____D C:\Program Files\CCleaner
2017-05-31 06:30 - 2014-12-29 00:01 - 00000000 ____D C:\Program Files\PowerISO
2017-05-31 06:30 - 2014-12-20 18:44 - 00000000 ____D C:\Program Files\WinRAR
2017-05-31 06:18 - 2014-12-10 16:47 - 00000000 ____D C:\Users\barely broke\Documents\Registry Backups
2017-05-31 06:17 - 2014-12-29 00:49 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\uTorrent
2017-05-31 06:10 - 2015-04-09 15:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-31 06:05 - 2017-02-04 01:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-05-30 22:33 - 2014-12-29 00:37 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\vlc
2017-05-30 20:27 - 2016-07-27 14:03 - 00000000 ____D C:\Users\barely broke\Documents\Receipts
2017-05-30 18:06 - 2015-02-10 01:58 - 00000000 ____D C:\Users\barely broke\AppData\Local\ElevatedDiagnostics
2017-05-29 22:21 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-29 21:35 - 2015-06-29 22:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-17 05:50 - 2015-06-29 22:50 - 00000000 ____D C:\Users\barely broke\AppData\Roaming\TeamViewer
2017-05-17 05:50 - 2015-02-13 16:20 - 00000000 ____D C:\Users\barely broke\AppData\Local\CrashDumps
2017-05-16 22:09 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2017-05-14 21:40 - 2015-01-21 13:39 - 05039280 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 22:36 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-10 21:40 - 2015-07-19 18:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 21:40 - 2015-07-19 18:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 21:40 - 2015-07-19 18:10 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 21:40 - 2015-07-19 18:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 21:40 - 2015-07-19 18:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 21:01 - 2016-05-23 12:31 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-10 21:01 - 2016-05-23 12:31 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-05-28 04:37 - 2017-05-28 04:37 - 0000087 _____ () C:\Users\barely broke\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2015-10-22 23:36 - 2015-10-23 12:49 - 0000132 _____ () C:\Users\barely broke\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-07-26 11:41 - 2016-09-03 03:15 - 0000132 _____ () C:\Users\barely broke\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-11-05 13:12 - 2015-11-05 13:12 - 0000014 _____ () C:\Users\barely broke\AppData\Roaming\Network Meter_Usage.ini
2014-12-30 02:35 - 2015-11-05 12:48 - 0000435 _____ () C:\Users\barely broke\AppData\Roaming\Weather Meter_Settings.ini
2015-11-05 13:07 - 2015-11-05 13:09 - 0000490 _____ () C:\Users\barely broke\AppData\Roaming\Weather Monitor_Settings.ini
2015-03-04 02:16 - 2016-09-01 18:31 - 45700992 _____ (Sony) C:\Users\barely broke\AppData\Local\pcc.exe
2016-12-20 10:57 - 2016-12-20 11:05 - 0007666 _____ () C:\Users\barely broke\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\barely broke\IP_Log_Data.js
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-24 22:31
 
==================== End of FRST.txt ============================
 
I have uninstalled the old versions of Java as per your instructions also. My main browser is Chrome so I had to use Internet Explorer to get the latest Java. I have read the blog you gave me about Java malware - scary really! This is a bit of a silly question, but how do I know if I need Java or not? I just use Chrome to surf the net. I don't run any business apps or anything like that.
 
So far I do not think I have any issues, however I did notice that my Tampermonkey extension no longer works - no big loss though.
 
Thank you for your help so far.

Edited by patch18AT, 03 June 2017 - 11:55 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 03 June 2017 - 01:39 PM

how do I know if I need Java or not? I just use Chrome to surf the net. I don't run any business apps or anything like that.

Disable it via the TaskManager.

If prompted and it says you need Java, enable it.
===
 

I did notice that my Tampermonkey extension no longer works - no big loss though.


It has the same Chrome ID (dhdgffkkebhmkfjojejmpbldmpobfkfo) as the FileTour bundler, a browser hijacker found here.

https://forums.malwarebytes.com/topic/200945-removal-instructions-for-filetour-bundler/

===

Tampermonkey looks clean.
https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo/reviews?hl=en

Reinstall it on Chrome.

Firefox has its own.
https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/
====

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 04 June 2017 - 02:53 PM

Hi nasdaq,

 

Judging from the logs I have posted for you, does this mean my computer is now clean?

 

If so, do I need to keep all the things (fixlist and FBAR) somewhere or can I just delete them?

 

 

 

Disable it via the TaskManager.

If prompted and it says you need Java enable it.

 

Sorry for the silly question, but do you mean the Windows Task manager where you press ctrl alt del, or somewhere else? I did a Google search on how to disable Java in the latest version of Chrome, but all the links I find refer to an older version of Chrome that allows you to tweak plugins.

 

 

Thank you for all your help so far.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 05 June 2017 - 06:44 AM

do you mean the Windows Task manager where you press ctrl alt del

Yes.

===

I did a Google search on how to disable Java in the latest version of Chrome, but all the links I find refer to an older version of Chrome that allows you to tweak plugins.

Leave that alone. Just disable Java via the Windows Task Manager.

===

Yes, your logs are clean.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#10 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 05 June 2017 - 07:04 AM

 

 

Just disable Java via the Windows Task Manager.

 

The only place I found Java was under the Processes tab - jushed.exe. Under description it says Java Update Scheduler. There is no disable option, only end process.

 

Sorry, I am not sure how else to disable it. I have windows 7 if that makes a difference.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 05 June 2017 - 07:13 AM

Let's play safe. Remove Java completely.


If you ever need it you can install the latest version.

#12 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 06 June 2017 - 01:08 PM

Hello nasdaq,

 

I will remove it as per your suggestion.

 

Given my computer is now clean, can I delete all those files we used?



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:00 PM

Posted 07 June 2017 - 07:22 AM

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer system, making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tools you’ve ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check-mark on the feature ‘Remove disinfection tools’, and you need to check the other features manually before running the program should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#14 patch18AT

patch18AT
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 08 June 2017 - 06:09 AM

Hello nasdaq,

 

I ran Delfix and it removed the files we used during the clean up process.

 

I have since installed the new Malwarebytes too as suggested by the articles you linked to me.

 

Thank you so much for your help and patience with all of this.
