
Trojan Sathurbot.e


  • This topic is locked
8 replies to this topic

#1 MAZACOTE71

MAZACOTE71

  • Members
  • 63 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 28 June 2017 - 07:35 PM

I got a prompt from Malwarebytes saying it found and removed Trojan Sathurbot.e

What else should I do? Running Windows 7 64




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 29 June 2017 - 08:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[screenshot: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===


Please post the logs.

Let me know what problems you are having with this computer.
==============================
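Once FRST.txt is posted, the first pass a helper makes over it is mechanical: look for FRST's own "<==== ATTENTION" markers, processes with no publisher/company name in the parentheses, orphaned entries pointing at files that no longer exist ("No File", "=> not found", empty Run values), and DNS servers outside the local network. The Python script below is an added example that does exactly that first pass; it is not part of FRST, AdwCleaner, or nasdaq's instructions. The sample input mixes a few lines copied from the FRST log posted later in this thread with constructed section headers in the same format; the category names, regular expressions and the "public DNS" heuristic are the example's own. It is a reading aid only: it flags lines to look at and changes nothing, and a public resolver or a process with an empty publisher is a prompt to check, not a verdict.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not FRST's own code: it flags the lines a helper would read
first and modifies nothing on the machine.
"""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines copied from the FRST log in this thread,
# wrapped in section headers of the same format. Not a complete log.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\srvany.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

==================== Registry (Whitelisted) ====================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{5425CF91-1B81-496D-9ACB-D7183ED74B62}: [DhcpNameServer] 192.168.1.1
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\IEPlugIn.dll => No File
"""

# "==================== Name =================" section headers.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# "(Publisher) C:\path\file.exe" lines in the Processes section.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# DHCP-assigned resolvers, global or per interface.
DNS_RE = re.compile(r"\[DhcpNameServer\]\s+(?P<servers>[\d. ]+)$")
# Run value with an empty name and no target: a leftover, not a loader.
EMPTY_RUN_RE = re.compile(r"\\Run: \[\] => \[X\]$")


@dataclass(frozen=True)
class Finding:
    category: str     # which check fired
    line: str         # the FRST line verbatim, so it can be quoted in a reply or fixlist
    detail: str = ""  # extra context, e.g. the public DNS servers seen


def _is_private(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(frst_text: str) -> list[Finding]:
    """Return the lines worth a second look, in log order."""
    findings: list[Finding] = []
    section = ""
    for raw in frst_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # FRST's own marker for settings it considers suspicious: always surface it.
        if "<==== ATTENTION" in line:
            findings.append(Finding("attention", line))
            continue
        if section.startswith("Processes"):
            # Empty parentheses: FRST found no publisher/company name for the
            # binary, so it cannot be recognised by name alone. srvany.exe (the
            # Resource Kit "run anything as a service" wrapper) is legitimate in
            # itself; the question is which service is using it.
            proc = PROCESS_RE.match(line)
            if proc and not proc.group("publisher").strip():
                findings.append(Finding("process-no-publisher", line))
            continue
        # Entries whose target is gone: harmless clutter, but they show what was
        # installed (here avast and a Dell Bluetooth BHO) and belong in a fixlist.
        if "No File" in line or "=> not found" in line or EMPTY_RUN_RE.search(line):
            findings.append(Finding("orphan-entry", line))
            continue
        # Resolvers outside RFC 1918 space: confirm they are the ISP's, since a
        # hijacked DNS setting looks exactly like this.
        dns = DNS_RE.search(line)
        if dns:
            public = [ip for ip in dns.group("servers").split() if not _is_private(ip)]
            if public:
                findings.append(Finding("dns-public", line, ",".join(public)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a one-line overview of the log."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    result = triage(SAMPLE_FRST)
    for f in result:
        print(f"[{f.category}] {f.line}" + (f"  ({f.detail})" if f.detail else ""))
    print(summarize(result))
```

Run it against a real FRST.txt by passing the file's contents to `triage()`; on the sample above it reports one process with no publisher, three orphaned entries, one ATTENTION marker and one set of public resolvers. Whether any of those is actually a problem still takes a human reading the rest of the log, which is why the helper asks for the whole file rather than the summary.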

#3 MAZACOTE71

MAZACOTE71
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 29 June 2017 - 07:19 PM

Thank you.

# AdwCleaner v6.047 - Logfile created 29/06/2017 at 19:00:11
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : bleibow - CARLOS-PC2
# Running from : C:\Users\bleibow\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\bleibow\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\bleibow\AppData\Roaming\Enigma Software Group
[-] Folder deleted: C:\Users\bleibow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
[-] Folder deleted: C:\Users\bleibow\Documents\Transfer
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129\extensions\anttoolbar@ant.com


***** [ Files ] *****

[-] File deleted: C:\Users\bleibow\Desktop\SpyHunter.lnk
[-] File deleted: C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129\searchplugins\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2282 Bytes] - [29/06/2017 19:00:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [2467 Bytes] - [29/06/2017 18:58:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2428 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by bleibow (administrator) on CARLOS-PC2 (29-06-2017 19:09:58)
Running from C:\Users\bleibow\Downloads
Loaded Profiles: bleibow (Available Profiles: bleibow & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
() C:\Windows\SysWOW64\srvany.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft) C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe
(Wilocity) C:\Program Files (x86)\Dell Wireless\DW1601\Monitor\Monitor.Service.exe
(Wilocity) C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\AthBtTray.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Dell Wireless\DW1601\D5000WirelessDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [274936 2013-07-19] (Dell Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\btvstack.exe [1023104 2013-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\athbttray.exe [801920 2013-03-13] (Atheros Commnucations)
HKLM\...\Run: [AWiCMgr] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\AWiC\AWiCMgr.exe [189056 2013-03-26] (Qualcomm Atheros Inc.)
HKLM\...\Run: [AWiCDiag] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe [2783360 2013-03-26] (Qualcomm Atheros Inc.)
HKLM\...\Run: [wcct] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe [1073792 2013-03-26] (Qualcomm Atheros Inc.)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [1708416 2014-03-03] (3Dconnexion, INC)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => c:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [55976 2013-02-26] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-12945545-553147684-2850558854-1001\...\Run: [Google Update] => C:\Users\bleibow\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-06-15] (Google Inc.)
HKU\S-1-5-21-12945545-553147684-2850558854-1001\...\Policies\Explorer: []
HKU\S-1-5-21-12945545-553147684-2850558854-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\PUERTO~1.SCR [76995725 2015-06-13] (Goldshell Digital Media)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\D5000 Wireless Dock.lnk [2013-11-29]
ShortcutTarget: D5000 Wireless Dock.lnk -> C:\Program Files (x86)\Dell Wireless\DW1601\D5000WirelessDock.exe ()
Startup: C:\Users\bleibow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2014-03-04]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk /r \??\y:autocheck autochk /r \??\y:autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{5425CF91-1B81-496D-9ACB-D7183ED74B62}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E603ADE2-45BA-4F87-9B02-F1EFA94BF192}: [DhcpNameServer] 208.59.247.45 208.59.247.46

Internet Explorer:
==================
HKU\S-1-5-21-12945545-553147684-2850558854-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKU\S-1-5-21-12945545-553147684-2850558854-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-03] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-26] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\IEPlugIn.dll => No File
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-12945545-553147684-2850558854-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129 [2017-06-29]
FF Homepage: Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129 -> hxxps://mg.mail.yahoo.com/d/folders/1
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129\Extensions\es-es@dictionaries.addons.mozilla.org [2017-01-27]
FF Extension: (Password Exporter) - C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-03-13]
FF Extension: (Adblock Plus) - C:\Users\bleibow\AppData\Roaming\Mozilla\Firefox\Profiles\vc9vsk79.default-1473454314129\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-12945545-553147684-2850558854-1001: @citrixonline.com/appdetectorplugin -> C:\Users\bleibow\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-12945545-553147684-2850558854-1001: @tools.google.com/Google Update;version=3 -> C:\Users\bleibow\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-12945545-553147684-2850558854-1001: @tools.google.com/Google Update;version=9 -> C:\Users\bleibow\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (Docs) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-03]
CHR Extension: (Google Drive) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (YouTube) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-03]
CHR Extension: (Google Sheets) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR Extension: (Gmail) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe [204928 2013-03-13] (Atheros Commnucations) [File not signed]
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 DCDhcpService; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe [198272 2013-03-26] (Qualcomm Atheros Inc.) [File not signed]
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2486272 2013-04-30] (Dell Inc.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-08] (DisplayLink Corp.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [30208 2014-03-03] (3Dconnexion) [File not signed]
S4 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [416432 2017-06-20] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2694432 2014-08-04] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [File not signed]
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [641232 2013-07-19] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [277712 2013-07-19] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [516304 2013-07-19] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-05-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-05-10] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 WBEService; C:\Program Files (x86)\Dell Wireless\DW1601\ConnectionManager.WBEService.exe [16384 2013-07-03] (Microsoft) [File not signed]
R2 WilocityMonitorService; C:\Program Files (x86)\Dell Wireless\DW1601\Monitor\Monitor.Service.exe [38912 2013-05-30] (Wilocity) [File not signed]
R2 WilocityUpdate; C:\Program Files (x86)\Dell Wireless\DW1601\UpdateService\WilocityUpdate.Service.exe [10240 2013-07-03] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-29] (Microsoft Corporation)
R2 WPASupplicantService; C:\Program Files (x86)\Dell Wireless\DW1601\SupplicantService\wpasvc.exe [254464 2013-07-03] (Wilocity) [File not signed]
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{AB749DDD-EB3C-4A65-8E2F-CFBEB5028111}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [36624 2014-03-03] (3Dconnexion SAM)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-04-29] (Dell Computer Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2014-03-03] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2014-03-03] (3Dconnextion Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-29] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2013-07-19] (Dell Computer Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R0 wPCI; C:\Windows\System32\DRIVERS\wPci.sys [67224 2013-07-03] (Wilocity Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 19:09 - 2017-06-29 19:11 - 00034232 _____ C:\Users\bleibow\Downloads\FRST.txt
2017-06-29 19:09 - 2017-06-29 19:09 - 00000000 ____D C:\FRST
2017-06-29 19:08 - 2017-06-29 19:08 - 02440704 _____ (Farbar) C:\Users\bleibow\Downloads\FRST64.exe
2017-06-29 19:07 - 2017-06-29 19:07 - 01779712 _____ (Farbar) C:\Users\bleibow\Downloads\FRST.exe
2017-06-29 19:03 - 2017-06-29 19:03 - 00000000 ___RD C:\Users\bleibow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-06-29 18:56 - 2017-06-29 19:00 - 00000000 ____D C:\AdwCleaner
2017-06-29 18:55 - 2017-06-29 18:56 - 04110280 _____ C:\Users\bleibow\Downloads\adwcleaner_6.047.exe
2017-06-29 18:54 - 2017-06-29 19:02 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-29 18:54 - 2017-06-29 18:54 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-29 18:54 - 2017-06-29 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-29 18:54 - 2017-06-29 18:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-29 18:54 - 2017-06-29 18:54 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-29 18:54 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-29 18:31 - 2017-06-29 18:31 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-06-29 18:30 - 2017-03-21 18:16 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4738.tmp
2017-06-29 18:30 - 2017-03-14 18:59 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4842.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3FA4.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4B9D.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\asw460D.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\asw415A.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw46AA.tmp
2017-06-29 18:30 - 2017-03-05 01:49 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4570.tmp
2017-06-29 18:30 - 2017-02-03 15:00 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAEE2.tmp
2017-06-29 18:29 - 2017-03-05 01:49 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3E7B.tmp
2017-06-29 18:29 - 2017-03-05 01:48 - 00461640 _____ (AVAST Software) C:\Windows\system32\Drivers\asw30C0.tmp
2017-06-29 18:29 - 2017-03-05 01:48 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw3507.tmp
2017-06-29 18:29 - 2017-03-05 01:48 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw3266.tmp
2017-06-29 18:29 - 2017-03-05 01:48 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw33AF.tmp
2017-06-29 18:29 - 2017-03-05 01:48 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw365F.tmp
2017-06-28 23:48 - 2017-06-28 23:48 - 64232976 _____ (Malwarebytes ) C:\Users\bleibow\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-28 21:52 - 2017-06-29 18:45 - 00000000 ____D C:\Users\bleibow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2017-06-28 21:52 - 2017-06-28 21:52 - 00001084 _____ C:\Users\bleibow\Desktop\RegHunter.lnk
2017-06-28 19:58 - 2017-06-28 20:02 - 00000000 ____D C:\Users\bleibow\Documents\Mixmeister Mixes
2017-06-28 19:48 - 2017-06-29 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixMeister
2017-06-28 19:47 - 2017-06-29 18:45 - 00000000 ____D C:\Program Files (x86)\MixMeister Fusion
2017-06-28 19:43 - 2017-06-28 19:49 - 00000000 ____D C:\Users\bleibow\AppData\Roaming\MixMeister Technology
2017-06-28 19:41 - 2017-06-28 19:41 - 00001209 _____ C:\Users\bleibow\Downloads\MixMeister.Fusion.v7.4.2-AiR - Shortcut.lnk
2017-06-28 19:38 - 2017-06-28 19:38 - 00000000 _____ C:\autoexec.bat
2017-06-28 19:36 - 2017-06-28 19:36 - 02755584 _____ C:\Users\bleibow\Downloads\SH-Alt-Install.exe
2017-06-28 18:54 - 2017-06-29 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Opener
2017-06-28 18:54 - 2017-06-29 18:45 - 00000000 ____D C:\Program Files (x86)\ISO Opener
2017-06-28 18:54 - 2017-06-28 18:54 - 00000956 _____ C:\Users\Public\Desktop\ISO Opener.lnk
2017-06-28 18:50 - 2017-06-28 18:50 - 00850067 _____ (www.isoopener.com ) C:\Users\bleibow\Downloads\isoopener_setup.exe
2017-06-28 18:35 - 2017-06-29 18:45 - 00000000 ____D C:\Users\bleibow\Downloads\MixMeister.Fusion.v7.4.2-AiR
2017-06-20 19:25 - 2017-06-20 19:25 - 00003360 _____ C:\Windows\System32\Tasks\NordVPN
2017-06-20 19:25 - 2017-06-20 19:25 - 00001915 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-06-20 19:25 - 2017-06-20 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-06-15 20:12 - 2017-06-15 20:13 - 01130328 _____ (Google Inc.) C:\Users\bleibow\Downloads\musicmanagerinstaller(1).exe
2017-06-15 19:58 - 2017-06-15 19:59 - 72219074 _____ C:\Users\bleibow\Downloads\Roy Brown & Varios - 2005 - Yo protesto Homenaje a Roy Brown.rar
2017-06-13 21:23 - 2017-06-02 03:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-13 21:23 - 2017-06-02 03:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-13 21:23 - 2017-06-02 03:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 21:23 - 2017-06-02 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-13 21:23 - 2017-06-02 03:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 21:23 - 2017-06-02 03:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-13 21:23 - 2017-06-02 03:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-13 21:23 - 2017-06-02 03:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-13 21:23 - 2017-06-02 02:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 21:23 - 2017-06-02 02:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 21:23 - 2017-06-02 02:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-13 21:23 - 2017-06-02 02:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-13 21:23 - 2017-05-20 23:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-13 21:23 - 2017-05-20 23:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-13 21:23 - 2017-05-20 23:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-13 21:23 - 2017-05-20 23:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-13 21:23 - 2017-05-20 23:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-13 21:23 - 2017-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-13 21:23 - 2017-05-20 22:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 21:23 - 2017-05-20 22:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 21:23 - 2017-05-20 22:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 21:23 - 2017-05-20 22:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-13 21:23 - 2017-05-20 22:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-13 21:23 - 2017-05-20 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-13 21:23 - 2017-05-16 13:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-13 21:23 - 2017-05-16 12:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-13 21:23 - 2017-05-14 15:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-13 21:23 - 2017-05-14 15:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-13 21:23 - 2017-05-14 15:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-13 21:23 - 2017-05-14 15:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-13 21:23 - 2017-05-14 15:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-13 21:23 - 2017-05-14 15:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-13 21:23 - 2017-05-14 15:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-13 21:23 - 2017-05-14 15:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-13 21:23 - 2017-05-14 15:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 21:23 - 2017-05-14 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-13 21:23 - 2017-05-14 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-13 21:23 - 2017-05-14 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-13 21:23 - 2017-05-14 15:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-13 21:23 - 2017-05-14 15:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-13 21:23 - 2017-05-14 15:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-13 21:23 - 2017-05-14 15:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-13 21:23 - 2017-05-14 15:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-13 21:23 - 2017-05-14 14:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-13 21:23 - 2017-05-14 14:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 21:23 - 2017-05-14 14:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 21:23 - 2017-05-14 14:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-13 21:23 - 2017-05-14 14:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-13 21:23 - 2017-05-14 14:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-13 21:23 - 2017-05-14 14:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-13 21:23 - 2017-05-14 14:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-13 21:23 - 2017-05-14 14:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-13 21:23 - 2017-05-14 14:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-13 21:23 - 2017-05-14 14:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-13 21:23 - 2017-05-14 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-13 21:23 - 2017-05-14 14:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-13 21:23 - 2017-05-14 14:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-13 21:23 - 2017-05-14 14:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-13 21:23 - 2017-05-14 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-13 21:23 - 2017-05-14 14:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-13 21:23 - 2017-05-14 14:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-13 21:23 - 2017-05-14 14:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-13 21:23 - 2017-05-14 14:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-13 21:23 - 2017-05-14 14:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-13 21:23 - 2017-05-14 14:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-13 21:23 - 2017-05-14 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-13 21:23 - 2017-05-14 14:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-13 21:23 - 2017-05-14 14:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 21:23 - 2017-05-14 14:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-13 21:23 - 2017-05-14 14:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-13 21:23 - 2017-05-14 14:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 21:23 - 2017-05-14 14:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-13 21:23 - 2017-05-14 13:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-13 21:23 - 2017-05-14 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 21:23 - 2017-05-14 13:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-13 21:23 - 2017-05-14 13:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 21:23 - 2017-05-14 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-13 21:23 - 2017-05-14 13:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-13 21:23 - 2017-05-14 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-13 21:23 - 2017-05-14 13:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-13 21:23 - 2017-05-14 13:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-13 21:23 - 2017-05-14 13:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 21:23 - 2017-05-14 13:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-13 21:23 - 2017-05-14 13:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-13 21:23 - 2017-05-14 13:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-13 21:23 - 2017-05-14 13:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-13 21:23 - 2017-05-14 13:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-13 21:23 - 2017-05-14 13:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 21:23 - 2017-05-14 13:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-13 21:23 - 2017-05-14 13:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-13 21:23 - 2017-05-14 13:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-13 21:23 - 2017-05-14 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-13 21:23 - 2017-05-12 13:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-13 21:23 - 2017-05-12 13:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 21:23 - 2017-05-12 13:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-13 21:23 - 2017-05-12 13:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 21:23 - 2017-05-12 13:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-13 21:23 - 2017-05-12 13:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-13 21:23 - 2017-05-12 13:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 21:23 - 2017-05-12 13:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 12:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-13 21:23 - 2017-05-12 12:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-13 21:23 - 2017-05-12 12:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-13 21:23 - 2017-05-12 12:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-13 21:23 - 2017-05-12 12:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-13 21:23 - 2017-05-12 12:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-13 21:23 - 2017-05-12 12:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-13 21:23 - 2017-05-12 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 21:23 - 2017-05-12 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-13 21:23 - 2017-05-12 12:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-13 21:23 - 2017-05-12 12:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-13 21:23 - 2017-05-12 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-13 21:23 - 2017-05-12 12:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 12:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 12:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 12:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 21:23 - 2017-05-12 11:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 21:23 - 2017-05-12 10:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 21:23 - 2017-05-12 10:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 21:23 - 2017-05-10 10:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-13 21:23 - 2017-05-10 10:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 21:23 - 2017-05-10 10:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-13 21:23 - 2017-05-10 10:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-13 21:23 - 2017-05-10 10:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-13 21:23 - 2017-05-10 10:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-13 21:23 - 2017-05-10 10:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-13 21:23 - 2017-05-10 10:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-13 21:23 - 2017-05-10 10:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 21:23 - 2017-05-10 10:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-13 21:23 - 2017-05-10 10:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-13 21:23 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-13 21:23 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-13 21:23 - 2017-05-10 10:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-13 21:23 - 2017-05-10 10:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-13 21:23 - 2017-05-10 10:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 21:23 - 2017-05-10 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-13 21:23 - 2017-05-10 10:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-13 21:23 - 2017-05-10 10:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-13 21:23 - 2017-05-10 10:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-13 21:23 - 2017-05-10 10:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-13 21:23 - 2017-05-10 10:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-13 21:23 - 2017-05-10 09:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 21:23 - 2017-05-09 10:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 21:23 - 2017-05-09 10:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 21:23 - 2017-05-09 10:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-13 21:23 - 2017-05-09 10:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-13 21:23 - 2017-05-07 10:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-13 21:23 - 2017-05-07 10:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-13 21:23 - 2017-04-27 17:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 21:23 - 2017-04-12 08:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-13 21:23 - 2017-03-30 10:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-13 21:23 - 2017-03-30 09:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-04 13:01 - 2017-06-04 13:01 - 00000000 ____D C:\Users\bleibow\My Online Documents
2017-05-30 20:09 - 2017-05-30 22:57 - 00000000 ____D C:\Program Files\TAP-NordVPN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 19:10 - 2013-11-29 22:06 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-06-29 19:07 - 2017-01-26 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-29 19:06 - 2015-09-23 18:55 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-12945545-553147684-2850558854-1001.job
2017-06-29 19:05 - 2016-11-18 20:01 - 00000000 ____D C:\Users\bleibow\AppData\LocalLow\Mozilla
2017-06-29 19:05 - 2013-12-29 18:54 - 00000000 ____D C:\Users\bleibow\AppData\Local\CrashDumps
2017-06-29 19:02 - 2015-03-01 11:50 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2017-06-29 19:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-06-29 19:01 - 2016-04-06 21:59 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-06-29 19:01 - 2013-11-29 21:39 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-29 19:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-29 18:57 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-29 18:57 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-29 18:45 - 2017-02-03 15:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-06-29 18:45 - 2015-09-13 13:32 - 00000000 ____D C:\Users\bleibow\Downloads\Microsoft Office 2010 Professional Plus SP2 x86 x64
2017-06-29 18:45 - 2014-03-06 22:50 - 00000000 ____D C:\Users\bleibow\AppData\Roaming\uTorrent
2017-06-29 18:45 - 2014-03-04 20:18 - 00000000 ____D C:\Users\bleibow\AppData\Local\3Dconnexion
2017-06-29 18:45 - 2013-12-28 15:47 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-29 18:45 - 2013-12-22 16:47 - 00000000 ____D C:\ProgramData\Atheros
2017-06-29 18:45 - 2013-12-22 16:45 - 00000000 ____D C:\Users\bleibow
2017-06-29 18:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-06-29 18:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-29 18:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2017-06-29 18:32 - 2017-02-03 14:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-29 18:31 - 2015-09-23 18:55 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-12945545-553147684-2850558854-1001.job
2017-06-29 18:07 - 2015-05-11 22:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-28 23:51 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-06-28 21:47 - 2014-10-02 20:08 - 00000000 ____D C:\Users\bleibow\Documents\Recibos
2017-06-28 19:49 - 2013-11-29 21:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-28 18:23 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-28 18:18 - 2013-12-22 18:02 - 00000000 ____D C:\Users\bleibow\AppData\Local\Adobe
2017-06-22 21:47 - 2015-05-29 17:46 - 00000000 ____D C:\Users\bleibow\Documents\Outlook Files
2017-06-21 23:10 - 2014-03-21 14:28 - 00002346 ____H C:\Users\bleibow\Documents\Default.rdp
2017-06-21 21:29 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-06-20 19:25 - 2017-03-01 22:19 - 00000000 ____D C:\Program Files (x86)\NordVPN
2017-06-20 19:22 - 2017-02-03 20:43 - 00000000 ____D C:\Users\bleibow\AppData\Roaming\NordVPN
2017-06-20 19:08 - 2009-07-14 00:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-17 11:01 - 2017-01-27 00:01 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 11:01 - 2017-01-27 00:01 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 11:01 - 2017-01-27 00:01 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 11:01 - 2013-11-29 21:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-15 20:13 - 2015-05-23 12:46 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-12945545-553147684-2850558854-1001UA
2017-06-15 20:13 - 2015-05-23 12:46 - 00003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-12945545-553147684-2850558854-1001Core
2017-06-15 19:18 - 2014-09-30 19:35 - 00000000 ____D C:\Users\bleibow\AppData\Roaming\vlc
2017-06-14 17:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-06-14 15:44 - 2014-03-25 20:43 - 00000000 ___RD C:\Users\bleibow\Virtual Machines
2017-06-14 15:41 - 2009-07-13 23:45 - 05130256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 15:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-14 15:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 00:30 - 2014-03-12 23:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-06-14 00:24 - 2016-09-09 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 00:24 - 2016-09-09 15:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 00:24 - 2016-09-09 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 00:23 - 2013-12-28 15:39 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 00:19 - 2013-12-28 15:39 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 00:16 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2017-06-13 22:51 - 2015-09-23 18:55 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-12945545-553147684-2850558854-1001
2017-06-13 22:51 - 2015-09-23 18:55 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-12945545-553147684-2850558854-1001
2017-06-13 21:12 - 2014-03-04 21:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-04 14:05 - 2017-02-18 00:57 - 00002107 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2017-06-04 14:05 - 2017-02-18 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard

==================== Files in the root of some directories =======

2015-04-03 14:35 - 2015-04-03 14:35 - 0000093 _____ () C:\Users\bleibow\AppData\Roaming\ARCompanion.log
2014-03-21 12:05 - 2014-03-26 20:05 - 0000081 _____ () C:\Users\bleibow\AppData\Roaming\WB.CFG
2016-04-24 00:43 - 2016-04-24 00:43 - 0007609 _____ () C:\Users\bleibow\AppData\Local\Resmon.ResmonCfg
2014-03-05 21:13 - 2014-03-05 21:13 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2017-06-04 14:02 - 2017-06-04 14:02 - 97404904 _____ (Seagate) C:\Users\bleibow\AppData\Local\Temp\a2046aa7-6e3e-4ec9-9450-c4eb9f9ec7f3.setup.exe
2017-04-18 19:59 - 2017-04-18 19:59 - 0739904 _____ (Oracle Corporation) C:\Users\bleibow\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-06-04 13:43 - 2017-06-04 13:43 - 97404904 _____ (Seagate) C:\Users\bleibow\AppData\Local\Temp\setup.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 16:59

==================== End of FRST.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 30 June 2017 - 08:22 AM

Hi,

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-12945545-553147684-2850558854-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\IEPlugIn.dll => No File
Toolbar: HKU\S-1-5-21-12945545-553147684-2850558854-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - No CLSID Value
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Citrix\GoToMeeting\3277\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {3473F6F3-ACB7-4AB2-8E9C-463AEEBAE493} - System32\Tasks\{9E6FEC46-440C-408D-BE69-45238C1D9DBC} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis.exe -d C:\Users\bleibow\Downloads
Task: {ED6F8E98-3AE0-4079-87CF-A2A28009B99B} - System32\Tasks\{22FCF55A-6463-479A-B93E-E8E4C9A7C41C} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis(1).exe -d C:\Users\bleibow\Downloads
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356 [0]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\3zeUSyFRRwQE:KSKvvEq8umnfbmt1c0pKa7o [2178]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\YsTpkJMI4QbFrW:vLSENdVm2uchbbIDnOKwyfWX [2078]
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Reset the browsers that you use and that have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
===

Please let me know what problem persists with this computer.
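An added post-fix check, not part of nasdaq's instructions: the PowerShell below (assumes PowerShell 3.0 or later for Get-Item -Stream, and that it is run as the affected user so $env:LOCALAPPDATA resolves to C:\Users\bleibow\AppData\Local) lists any alternate data streams still attached to the AppData\Local folders named in the fixlist's AlternateDataStreams entries, so the Fixlog result can be confirmed. The folder names are taken from the log above; the SysWOW64 MSIHANDLE entries are zero-length and are not checked here.

```powershell
# Added example, not part of the helper's instructions or of FRST.
# Assumes PowerShell 3.0+ (Get-Item -Stream) and that it runs as the affected user.
# Folders taken from the AlternateDataStreams lines of the FRST log above.
$targets = @(
    "$env:LOCALAPPDATA",
    "$env:LOCALAPPDATA\3zeUSyFRRwQE",
    "$env:LOCALAPPDATA\YsTpkJMI4QbFrW"
)

# The main data stream (:$DATA) is normal for every NTFS file, and
# Zone.Identifier is what browsers attach to downloads; neither is of interest.
$benign = @(':$DATA', 'Zone.Identifier')

function Get-SuspectStreams {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        # A folder the Fix already removed simply produces no output.
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $benign -notcontains $_.Stream } |
            Select-Object FileName, Stream, Length
    }
}

$found = Get-SuspectStreams -Paths $targets
if ($found) {
    # Anything listed here survived the Fix and belongs in the next reply.
    $found | Format-Table -AutoSize
} else {
    "No unexpected alternate data streams on the listed folders."
}
```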

#5 MAZACOTE71

MAZACOTE71
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 30 June 2017 - 06:36 PM

Hi,

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-12945545-553147684-2850558854-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\IEPlugIn.dll => No File
Toolbar: HKU\S-1-5-21-12945545-553147684-2850558854-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - No CLSID Value
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Citrix\GoToMeeting\3277\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {3473F6F3-ACB7-4AB2-8E9C-463AEEBAE493} - System32\Tasks\{9E6FEC46-440C-408D-BE69-45238C1D9DBC} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis.exe -d C:\Users\bleibow\Downloads
Task: {ED6F8E98-3AE0-4079-87CF-A2A28009B99B} - System32\Tasks\{22FCF55A-6463-479A-B93E-E8E4C9A7C41C} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis(1).exe -d C:\Users\bleibow\Downloads
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356 [0]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\3zeUSyFRRwQE:KSKvvEq8umnfbmt1c0pKa7o [2178]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\YsTpkJMI4QbFrW:vLSENdVm2uchbbIDnOKwyfWX [2078]
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official Oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by bleibow (30-06-2017 18:21:22) Run:1
Running from C:\Users\bleibow\Downloads
Loaded Profiles: bleibow (Available Profiles: bleibow & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-12945545-553147684-2850558854-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\IEPlugIn.dll => No File
Toolbar: HKU\S-1-5-21-12945545-553147684-2850558854-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - No CLSID Value
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Citrix\GoToMeeting\3277\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\bleibow\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {3473F6F3-ACB7-4AB2-8E9C-463AEEBAE493} - System32\Tasks\{9E6FEC46-440C-408D-BE69-45238C1D9DBC} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis.exe -d C:\Users\bleibow\Downloads
Task: {ED6F8E98-3AE0-4079-87CF-A2A28009B99B} - System32\Tasks\{22FCF55A-6463-479A-B93E-E8E4C9A7C41C} => pcalua.exe -a C:\Users\bleibow\Downloads\HijackThis(1).exe -d C:\Users\bleibow\Downloads
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356 [0]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\3zeUSyFRRwQE:KSKvvEq8umnfbmt1c0pKa7o [2178]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:DgiwLx5JvjpUEV0aIaEmLd6l [2236]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\Application Data:UUXRBbyQkhO5DJAnPo [1998]
AlternateDataStreams: C:\Users\bleibow\AppData\Local\YsTpkJMI4QbFrW:vLSENdVm2uchbbIDnOKwyfWX [2078]
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-12945545-553147684-2850558854-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor => key removed successfully
HKLM\Software\Classes\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} => key removed successfully
HKU\S-1-5-21-12945545-553147684-2850558854-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\bleibow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key removed successfully
HKU\S-1-5-21-12945545-553147684-2850558854-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3473F6F3-ACB7-4AB2-8E9C-463AEEBAE493} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3473F6F3-ACB7-4AB2-8E9C-463AEEBAE493} => key removed successfully
C:\Windows\System32\Tasks\{9E6FEC46-440C-408D-BE69-45238C1D9DBC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9E6FEC46-440C-408D-BE69-45238C1D9DBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED6F8E98-3AE0-4079-87CF-A2A28009B99B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED6F8E98-3AE0-4079-87CF-A2A28009B99B} => key removed successfully
C:\Windows\System32\Tasks\{22FCF55A-6463-479A-B93E-E8E4C9A7C41C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22FCF55A-6463-479A-B93E-E8E4C9A7C41C} => key removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3255" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3356" ADS removed successfully.
C:\Users\bleibow\AppData\Local => ":DgiwLx5JvjpUEV0aIaEmLd6l" ADS removed successfully.
C:\Users\bleibow\AppData\Local => ":UUXRBbyQkhO5DJAnPo" ADS removed successfully.
C:\Users\bleibow\AppData\Local\3zeUSyFRRwQE => ":KSKvvEq8umnfbmt1c0pKa7o" ADS removed successfully.
"C:\Users\bleibow\AppData\Local\Application Data" => ":DgiwLx5JvjpUEV0aIaEmLd6l" ADS not found.
"C:\Users\bleibow\AppData\Local\Application Data" => ":UUXRBbyQkhO5DJAnPo" ADS not found.
C:\Users\bleibow\AppData\Local\YsTpkJMI4QbFrW => ":vLSENdVm2uchbbIDnOKwyfWX" ADS removed successfully.
C:\Windows\SysWOW64\dlumd10.dll => moved successfully
C:\Windows\SysWOW64\dlumd11.dll => moved successfully
C:\Windows\SysWOW64\dlumd9.dll => moved successfully
C:\Windows\System32\dlumd10.dll => moved successfully
C:\Windows\System32\dlumd11.dll => moved successfully
C:\Windows\System32\dlumd9.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39793356 B
Java, Flash, Steam htmlcache => 265035 B
Windows/system/drivers => 437702888 B
Edge => 0 B
Chrome => 11818643 B
Firefox => 416552800 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 74242 B
LocalService => 0 B
NetworkService => 132306 B
bleibow => 552214609 B
Guest => 6241588 B

RecycleBin => 293974515 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:24:38 ====
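The Fixlog above reports several alternate data streams (ADS) removed from files and directories under the user profile. The PowerShell below is an added check, not part of this thread and not FRST's own code: it enumerates non-default streams under a folder (directories included, which is how entries like "...\AppData\Local:<name>" arise) and builds its own constructed sample in a scratch folder so it can be tried safely. It assumes PowerShell 3.0 or later on an NTFS volume; the function name and stream names are mine.

```powershell
# Added example, not part of this thread and not FRST's own code.
# Lists NTFS alternate data streams (ADS) under a folder, including streams
# attached to directories themselves (FRST reports those as "<dir>:<name>").
# Assumes PowerShell 3.0 or later and an NTFS volume.

function Get-SuspiciousAds {
    param(
        [Parameter(Mandatory)][string]$Root,
        # ':$DATA' is every file's main content; Zone.Identifier is the
        # mark-of-the-web on downloads. Both are expected, so skip them.
        [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')
    )
    # Directories can carry streams too, so include the root and every child.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # -Stream * enumerates every named stream on a file or directory.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            if ($IgnoreStreams -contains $s.Stream) { continue }
            [pscustomobject]@{
                Path   = $item.FullName
                Stream = $s.Stream
                Length = $s.Length   # the [nnnn] figure in FRST's ADS lines
            }
        }
    }
}

# Constructed demo data in a scratch folder, so the check can be tried safely.
$demo = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
$file = Join-Path $demo 'sample.txt'
Set-Content -LiteralPath $file -Value 'ordinary content'
Set-Content -LiteralPath $file -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
Set-Content -LiteralPath $file -Stream 'constructed-odd-stream' -Value ('A' * 64)

# Only the unexpected stream is reported; Zone.Identifier and :$DATA are filtered out.
Get-SuspiciousAds -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

To re-check the locations from the Fixlog, point -Root at $env:LOCALAPPDATA and compare the output against the ADS lines FRST listed. A stream that should not be there can be deleted with Remove-Item -LiteralPath <path> -Stream <name>.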



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 01 July 2017 - 06:47 AM

Has your problem been solved?

#7 MAZACOTE71

MAZACOTE71
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 01 July 2017 - 04:27 PM

Has your problem been solved?


From what I can tell, Malwarebytes quarantined the infection before it even took hold. Everything seems to be fine, unless you noticed anything in the logs that I should be concerned with. Thank you!

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 02 July 2017 - 07:00 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 MAZACOTE71

MAZACOTE71
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 02 July 2017 - 09:43 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

Thanks again!
