Machine got really slow, mwb, sas, found nothing

Slow


#1
bhzendner

  • Member
  • 226 posts

Not sure what happened, it got really slow, very slow. Ran Malwarebytes, nothing found; ran SUPERAntiSpyware, only cookies found. What next? What could make the whole thing super slow?




#2
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop, and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
bhzendner

  • Topic Starter
  • Member
  • 226 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by administrator (administrator) on DOCSTAR (17-09-2015 20:51:04)
Running from C:\Users\administrator.HWBINS\Desktop
Loaded Profiles: administrator (Available Profiles: Administrator & Chuck & administrator)
Platform: Windows Server ® 2008 Standard Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\DOCSTAR\ImagingServiceHost.exe
() C:\DOCSTAR\DSHostService.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(DocSTAR) C:\DOCSTAR\DSHost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Insight Software Solutions) C:\Program Files (x86)\Macro Express3\MacExp.exe
(PFU LIMITED) C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Kodak Alaris Inc.) C:\Program Files (x86)\Kodak\Document Imaging\kds_i2900\Smart Touch\KSSCFG.exe
(Kodak Alaris Inc.) C:\Program Files (x86)\Kodak\Document Imaging\kds_i2900\Smart Touch\KSSE.exe
(Kodak Alaris Inc.) C:\Program Files (x86)\Kodak\Document Imaging\kds_i2900\Smart Touch\KSSOutput.exe
() C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2printh.exe
() C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] =>  -HideWindow
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [212992 2007-03-07] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [67104 2014-12-08] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1964064 2014-12-08] (Prosoftnet)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Smart Touch i2900] => C:\Program Files (x86)\Kodak\Document Imaging\kds_i2900\Smart Touch\KSSCFG.exe [715264 2014-06-16] (Kodak Alaris Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] scecli RASSFM
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-12-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-12-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-12-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
Startup: C:\Users\administrator.HWBINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express 3.lnk [2009-10-19]
ShortcutTarget: Macro Express 3.lnk -> C:\Program Files (x86)\Macro Express3\MacExp.exe (Insight Software Solutions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-12-27]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{23AE342C-E3B8-4057-B0C2-4DA165125AC4}: [NameServer] 192.168.1.50

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2860578506-4265885347-367632480-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hwbins.com/HWB_Website/HOME.html
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
DPF: HKLM-x32 {03A89EFD-E023-A200-A22D-45F77558EB4C} hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP2-4/support/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2010-05-05] (Belarc, Inc.)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-09-17] (SUPERAntiSpyware.com)
S2 AdaptecStorageManagerAgent; C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe [119296 2007-09-21] (Adaptec Incorporated) [File not signed]
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [35960 2012-12-05] (APC)
R2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [56520 2012-12-05] (APC)
R2 docSTAR Imaging; C:\DOCSTAR\ImagingServiceHost.exe [7680 2012-02-27] () [File not signed]
S2 DSClientService; C:\DOCSTAR\DSClientService.exe [14336 2010-10-15] () [File not signed]
R2 DSHostService; C:\DOCSTAR\DSHostService.exe [11264 2009-11-09] () [File not signed]
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [26112 2008-01-19] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [97824 2014-12-08] (Prosoftnet)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2008-01-19] (Microsoft Corporation)
R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-04-11] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2008-01-19] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-03-15] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R3 G200e; C:\Windows\System32\DRIVERS\G200em.sys [237576 2009-02-09] (Matrox Graphics Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.)
S4 ioatdma; C:\Windows\system32\drivers\qd260x64.sys [35328 2008-01-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2008-01-18] (Microsoft Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [37112 2015-03-20] (Citrix Systems)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-19] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [103992 2008-01-19] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 scsiscan; C:\Windows\System32\DRIVERS\scsiscan.sys [17920 2008-01-19] (Microsoft Corporation)
S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S4 s3cap; \SystemRoot\system32\drivers\s3cap.sys [X]
S4 storflt; system32\drivers\storflt.sys [X]
U3 tmpfw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 20:51 - 2015-09-17 20:54 - 00016571 _____ C:\Users\administrator.HWBINS\Desktop\FRST.txt
2015-09-17 20:49 - 2015-09-17 20:51 - 00000000 ____D C:\FRST
2015-09-17 20:47 - 2015-09-17 20:47 - 02191360 _____ (Farbar) C:\Users\administrator.HWBINS\Desktop\FRST64.exe
2015-09-17 19:24 - 2015-09-17 20:54 - 00000000 ____D C:\Users\administrator.HWBINS\AppData\Local\Temp\1
2015-09-17 18:49 - 2015-09-17 18:49 - 00016384 _____ C:\Users\administrator.HWBINS\AppData\Local\Temp\~DF53E3.tmp
2015-09-17 18:14 - 2015-09-17 18:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 18:06 - 2015-09-17 18:06 - 00000969 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-17 18:06 - 2015-09-17 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-17 18:04 - 2015-09-17 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-17 18:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-17 18:04 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-17 18:01 - 2015-09-17 18:01 - 00032768 _____ C:\Users\administrator.HWBINS\AppData\Local\Temp\~DF7336.tmp
2015-09-17 18:01 - 2015-09-17 18:01 - 00016384 _____ C:\Users\administrator.HWBINS\AppData\Local\Temp\~DF18F4.tmp
2015-09-17 16:58 - 2015-09-17 18:48 - 00004856 _____ C:\Windows\PFRO.log
2015-09-17 16:10 - 2015-09-17 18:46 - 00002744 _____ C:\ClientStat09-17-2015.Log
2015-09-17 14:19 - 2015-09-17 14:21 - 00000000 ____D C:\LOG
2015-09-17 14:17 - 2015-09-17 14:18 - 00000000 ____D C:\OCR
2015-09-17 13:59 - 2015-09-17 14:53 - 1393462539 _____ C:\Users\administrator.HWBINS\Downloads\v3.14.4.FULL.exe
2015-09-17 12:33 - 2015-09-17 12:33 - 00001603 _____ C:\Users\administrator.HWBINS\Desktop\services.lnk
2015-09-17 12:27 - 2015-07-18 06:14 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-17 12:27 - 2015-07-18 06:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-10 01:06 - 2015-08-13 07:36 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-10 01:06 - 2015-08-13 07:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-10 01:06 - 2015-08-05 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 01:02 - 2015-07-10 07:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-10 01:02 - 2015-07-10 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-10 01:01 - 2015-09-02 14:26 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 01:01 - 2015-09-02 14:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 01:01 - 2015-09-02 14:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 01:01 - 2015-09-02 14:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 01:01 - 2015-08-10 09:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2015-09-10 01:01 - 2015-08-10 08:41 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2015-09-10 01:01 - 2014-01-30 03:11 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2015-09-10 01:00 - 2015-09-02 14:26 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 01:00 - 2015-09-02 14:25 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 01:00 - 2015-09-02 13:17 - 02797056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 01:00 - 2015-09-02 13:16 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 01:00 - 2015-09-02 12:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 04:36 - 2015-08-17 10:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 04:36 - 2015-08-17 10:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 04:36 - 2015-08-17 10:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 04:36 - 2015-08-17 10:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 04:36 - 2015-08-17 10:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 04:36 - 2015-08-17 10:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 04:36 - 2015-08-17 10:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 04:36 - 2015-08-17 10:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 04:36 - 2015-08-17 10:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 04:36 - 2015-08-17 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-09 04:36 - 2015-08-17 10:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-09 04:36 - 2015-08-17 10:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-09 04:36 - 2015-08-17 10:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 04:36 - 2015-08-17 10:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 04:36 - 2015-08-17 10:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 04:36 - 2015-08-17 10:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 04:36 - 2015-08-17 10:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 04:36 - 2015-08-17 10:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 04:36 - 2015-08-17 10:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 04:36 - 2015-08-17 10:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 04:36 - 2015-08-17 10:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-09-09 04:36 - 2015-08-17 10:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-09-09 04:36 - 2015-08-17 10:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-09-09 04:36 - 2015-08-17 10:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 20:56 - 2012-08-15 10:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-17 20:54 - 2009-10-14 14:41 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2015-09-17 20:48 - 2008-01-19 07:08 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-17 20:48 - 2008-01-19 07:08 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-17 20:06 - 2014-12-10 16:16 - 00000000 ____D C:\ProgramData\IDrive
2015-09-17 19:29 - 2010-07-21 14:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-17 19:00 - 2008-01-19 07:12 - 01452312 _____ C:\Windows\WindowsUpdate.log
2015-09-17 18:49 - 2009-10-15 13:05 - 00000000 ____D C:\Users\administrator.HWBINS\AppData\Roaming\.oit
2015-09-17 18:48 - 2008-01-19 07:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-17 18:46 - 2008-01-19 07:23 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-17 18:06 - 2010-07-21 15:00 - 00000000 ____D C:\Users\administrator.HWBINS\AppData\Roaming\Malwarebytes
2015-09-17 18:04 - 2010-07-21 15:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-17 18:01 - 2009-10-14 09:35 - 00000000 ____D C:\DOCSTAR
2015-09-17 17:59 - 2012-10-05 17:18 - 00000539 _____ C:\Users\Public\Desktop\Disk Duplicator.lnk
2015-09-17 17:59 - 2012-01-09 18:26 - 00000539 _____ C:\Users\Public\Desktop\docSTAR 3.12.lnk
2015-09-17 17:59 - 2012-01-09 18:26 - 00000532 _____ C:\Users\Public\Desktop\Administration.lnk
2015-09-17 17:59 - 2009-10-14 09:37 - 00000465 _____ C:\Windows\ODBC.INI
2015-09-17 17:59 - 2009-10-14 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\docSTAR
2015-09-17 14:14 - 2009-10-13 21:05 - 00000000 ____D C:\Admin
2015-09-17 13:03 - 2014-08-01 14:18 - 00001684 _____ C:\Users\Public\Desktop\Defraggler.lnk
2015-09-17 13:03 - 2010-04-14 10:23 - 00000000 ____D C:\Program Files\Defraggler
2015-09-17 12:25 - 2011-04-22 08:10 - 00003710 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B57E739C-B080-44F5-A7DA-AAC77AC7BD48}
2015-09-17 11:39 - 2009-10-23 10:57 - 00014081 _____ C:\Windows\DSSCAN.INI
2015-09-10 01:42 - 2008-01-19 03:11 - 00000000 ____D C:\Windows\rescache
2015-09-10 01:26 - 2008-01-19 07:07 - 00363296 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 01:23 - 2008-01-19 03:11 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 01:06 - 2013-08-01 01:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-26 18:37 - 2008-01-19 02:33 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-10-16 11:37 - 2015-04-27 16:53 - 0000680 _____ () C:\Users\administrator.HWBINS\AppData\Local\d3d9caps.dat
2009-10-14 15:01 - 2015-09-17 19:24 - 0000732 _____ () C:\Users\administrator.HWBINS\AppData\Local\d3d9caps64.dat
2013-11-01 14:39 - 2013-11-01 14:40 - 0435360 _____ () C:\Users\administrator.HWBINS\AppData\Local\dd_vcredistMSI4037.txt
2013-11-01 14:39 - 2013-11-01 14:40 - 0011474 _____ () C:\Users\administrator.HWBINS\AppData\Local\dd_vcredistUI4037.txt
2010-02-02 17:17 - 2010-02-02 17:17 - 0000108 _____ () C:\Users\administrator.HWBINS\AppData\Local\fusioncache.dat
2011-04-22 08:24 - 2011-04-22 08:46 - 0000036 _____ () C:\Users\administrator.HWBINS\AppData\Local\housecall.guid.cache

Files to move or delete:
====================
C:\Users\administrator.HWBINS\en_res.dll
C:\Users\administrator.HWBINS\es_res.dll
C:\Users\administrator.HWBINS\fr_res.dll
C:\Users\administrator.HWBINS\grm_res.dll
C:\Users\administrator.HWBINS\it_res.dll
C:\Users\administrator.HWBINS\jp_res.dll
C:\Users\administrator.HWBINS\mfc80u.dll
C:\Users\administrator.HWBINS\msvcr80.dll
C:\Users\administrator.HWBINS\PCPE Setup.exe
C:\Users\administrator.HWBINS\pt_res.dll
C:\Users\administrator.HWBINS\ResourceReader.dll
C:\Users\administrator.HWBINS\ru_res.dll
C:\Users\administrator.HWBINS\zh_res.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-17 19:11

==================== End of FRST.txt ============================



#4
bhzendner

  • Topic Starter
  • Member
  • 226 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by administrator (2015-09-17 21:21:57)
Running from C:\Users\administrator.HWBINS\Desktop
Windows Server ® 2008 Standard Service Pack 2 (X64) (2009-10-08 22:53:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2202952599-3493141167-913060798-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-2202952599-3493141167-913060798-1004 - Limited - Enabled)
brent (S-1-5-21-2202952599-3493141167-913060798-1005 - Administrator - Enabled)
Guest (S-1-5-21-2202952599-3493141167-913060798-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adaptec Storage Manager (HKLM\...\{2A9F53CA-E999-432A-9720-597C12AE0D73}) (Version: 5.20.00.17414 - Adaptec, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConneXion (HKLM-x32\...\{C39B4DF9-4FB0-4127-ACFC-2BB8A673F178}) (Version:  - )
ConneXion Web Service (HKLM-x32\...\{357C6C9A-0F30-42C0-90B1-DCDEAD245658}) (Version: 14.0 - Applied Systems, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
docSTAR 3.12 (HKLM-x32\...\docSTAR 3.12) (Version:  - Astria Solutions Group, LLC)
DocSTAR Integrator 1.0 (HKLM-x32\...\DocSTAR Integrator 1.0) (Version:  - )
docSTAR TAM Integration (HKLM-x32\...\docSTAR TAM Integration) (Version:  - )
DocSTAR Virtual Cover Sheet (HKLM-x32\...\DocSTAR Virtual Cover Sheet) (Version:  - )
FileZilla Client 3.3.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.2.1 - )
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-2860578506-4265885347-367632480-500\...\GoToMeeting) (Version:  - )
GoToMyPC (HKLM\...\{ED8FAC5C-24F9-4F6B-9F9A-010360BDA1D2}) (Version: 8.3.1611 - Citrix Systems, Inc.)
HASP SRM Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 4.0.1.12070 - ® Aladdin Knowledge Systems Ltd. 1985-2009. All rights reserved.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
iLinc Client (HKLM-x32\...\uninstall.exe) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Inter-Tel Collaboration Client 2.0 (HKLM-x32\...\{04f6ffea-6702-11dc-8314-0800200c9a66}) (Version: 4.2.2.0 - Inter-Tel (Delaware), Inc.)
ISIS Driver - KODAK i2900 (HKLM-x32\...\{6FA986D3-7D3D-47ad-B467-91C506C10286}) (Version: 1.0.2631 - EMC Corporation)
ISIS Driver - KODAK i2900 (HKLM-x32\...\{F297DF0C-8489-44a1-A2FD-07FE50BF3B54}) (Version: 1.0.3351 - EMC Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KODAK i2900 - Smart Touch (HKLM-x32\...\{F490B4AC-0B7B-4789-8913-D79E27230CC1}) (Version: 1.7.114.566 - Kodak Alaris Inc.)
KODAK i2900 Scanner (HKLM-x32\...\KODAK i2900 Scanner) (Version: 2.0 - Kodak Alaris Inc.)
KYOCERA Net Viewer (HKLM\...\KYOCERA Net Viewer) (Version: 5.3.7106.5 - KYOCERA Document Solutions Inc.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Macro Express 3 (HKLM-x32\...\Macro Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Matrox Graphics Software (remove only) (HKLM\...\Matrox Graphics Uninstaller) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Standard (HKLM-x32\...\{91120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.0.2.614 - American Power Conversion)
PowerChute Business Edition Console (HKLM-x32\...\{0F86FD09-BA63-4E45-A70B-604C1106C2F2}) (Version: 9.1.0.614 - American Power Conversion)
PowerChute Business Edition Server (HKLM-x32\...\{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}) (Version: 9.1.0.614 - American Power Conversion)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
ScandAll 21 (HKLM-x32\...\{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}) (Version:  - )
Software Operation Panel (HKLM-x32\...\Software Operation Panel) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2860578506-4265885347-367632480-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-01-19 02:33 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {155DEC80-72B6-4DD1-AB24-25DA08001A0A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2009-04-11] (Microsoft Corporation)
Task: {1769EFEC-C6C3-4242-AB66-38C7620E0766} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2008-01-19] (Microsoft Corporation)
Task: {1A3750D3-E02C-47E6-82FB-A5EFD40B53C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {1FC02746-ED11-460E-84BC-06FAC9F5432A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {6A63EFD9-03B4-487E-AA66-297B63B9A384} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {EACD0CC1-1180-438F-962A-65BD83DD9020} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2009-04-11] (Microsoft Corporation)
Task: {F7C26B43-C643-4F06-8ABE-7AA08E08082F} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-13 06:44 - 2012-02-27 11:00 - 00007680 _____ () C:\DOCSTAR\ImagingServiceHost.exe
2010-01-13 06:44 - 2009-11-09 18:23 - 00011264 _____ () C:\DOCSTAR\DSHostService.exe
2014-12-10 16:16 - 2014-12-08 20:54 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 00582656 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 00225280 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 02423160 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
2012-12-27 12:04 - 2012-12-05 09:32 - 00024576 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\apcusb.dll
2010-01-13 06:44 - 2012-02-27 11:00 - 00012800 _____ () C:\DOCSTAR\ImagingWcfHost.dll
2010-01-13 06:44 - 2012-02-27 11:00 - 00022016 _____ () C:\DOCSTAR\Astria.Framework.Lib.Imaging.dll
2010-01-13 06:44 - 2011-12-05 12:56 - 00013312 _____ () C:\DOCSTAR\Astria.Framework.Base.CacheManager.dll
2013-03-25 13:42 - 2013-03-25 13:42 - 00021824 _____ () C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\SSLSupport.dll
2009-10-22 20:37 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-16 11:02 - 2014-06-16 11:02 - 00042496 _____ () C:\Program Files (x86)\Kodak\Document Imaging\kds_i2900\Smart Touch\CloudUploaderManagerDLL.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 00022528 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\cygpopt-0.dll
2014-12-10 16:16 - 2014-12-08 14:12 - 00046094 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\cyggcc_s-1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2860578506-4265885347-367632480-500\...\comserv01 -> hxxp://comserv01

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2860578506-4265885347-367632480-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{86151484-A40C-4310-A100-62327D83792B}] => (Allow) LPort=1947
FirewallRules: [{54024BE7-BD74-4F9E-964B-06BD8B1BB737}] => (Allow) LPort=1947
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{4528217A-820A-4087-8A83-E7226FAF30FC}] => (Allow) LPort=80
FirewallRules: [{0EE75ADE-D8DE-40F8-B90E-52A26252EFB2}] => (Allow) LPort=80
FirewallRules: [{C33B3A7C-85CE-4EA3-963D-2E4391BB2399}] => (Allow) LPort=80
FirewallRules: [{68E14501-3A06-4426-B4FC-9374B2350E37}] => (Allow) LPort=60450
FirewallRules: [{CD77F80B-9C71-49CD-A25D-BF9B67B317BC}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{CADA0459-B517-433E-9346-40808ACB1E95}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{EF907B9B-AD41-4461-B5C1-7DBBF701A380}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
FirewallRules: [{C140ADBD-467E-4255-A4D0-8D2E8837BABB}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 06:49:48 PM) (Source: DSClientService) (EventID: 0) (User: )
Description: Service terminated due to primary application failure (exit code 0) within 40 seconds of last start

Error: (09/17/2015 06:49:43 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: frmClSvcMain:SetupAutoImports Object required (424)

Error: (09/17/2015 06:49:42 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: moApplication is not initialized--shutting down

Error: (09/17/2015 05:00:29 PM) (Source: DSClientService) (EventID: 0) (User: )
Description: Service terminated due to primary application failure (exit code 0) within 50 seconds of last start

Error: (09/17/2015 05:00:24 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: frmClSvcMain:SetupAutoImports Object required (424)

Error: (09/17/2015 05:00:24 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: moApplication is not initialized--shutting down

Error: (09/17/2015 04:59:56 PM) (Source: MSSQLSERVER) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again.  [CLIENT: 192.168.1.108]

Error: (09/17/2015 04:59:56 PM) (Source: MSSQLSERVER) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again.  [CLIENT: 192.168.1.107]

Error: (09/17/2015 03:43:00 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: See Folder: !Deferred Archiving Exceptions

Error: (09/17/2015 03:26:30 PM) (Source: DocSTAR) (EventID: 1) (User: HWBINS)
Description: See Folder: !Deferred Archiving Exceptions

System errors:
=============
Error: (09/17/2015 06:56:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/17/2015 06:48:27 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (09/17/2015 06:48:20 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (09/17/2015 05:06:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/17/2015 05:01:28 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: %%%82527 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %%%82524

 Error Code: 0x80508001

 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

 Signatures loading: %%825

 Loading signature version: 1.205.2201.0

 Loading engine version: %%%825270

Error: (09/17/2015 04:58:47 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (09/17/2015 04:58:39 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

CodeIntegrity:
===================================
  Date: 2015-09-17 21:18:02.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:18:02.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:18:01.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:18:01.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:17:51.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:17:50.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:17:50.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 21:17:50.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 20:52:48.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 20:52:48.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Xeon® CPU X3220 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8187.07 MB
Available physical RAM: 4641.88 MB
Total Virtual: 20072.12 MB
Available Virtual: 17404.33 MB

==================== Drives ================================

Drive c: (SYS3-0005936) (Fixed) (Total:134.86 GB) (Free:39.4 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RAID1) (Fixed) (Total:119.67 GB) (Free:69.94 GB) NTFS
Drive f: () (Network) (Total:384.4 GB) (Free:194.46 GB)
Drive g: (VOLUME_0018) (Removable) (Total:3.73 GB) (Free:0.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2165190E)
Partition 1: (Active) - (Size=134.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Thanks for posting. I'll be with you a bit later today.

Thanks
Joe :)
  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello.

Sorry for some delay.

Out of date Adobe Reader installed!
Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.
Note Important: Please uncheck any optional offers before downloading.

Next
A few items to fix using FRST

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
C:\Users\administrator.HWBINS\en_res.dll
C:\Users\administrator.HWBINS\es_res.dll
C:\Users\administrator.HWBINS\fr_res.dll
C:\Users\administrator.HWBINS\grm_res.dll
C:\Users\administrator.HWBINS\it_res.dll
C:\Users\administrator.HWBINS\jp_res.dll
C:\Users\administrator.HWBINS\mfc80u.dll
C:\Users\administrator.HWBINS\msvcr80.dll
C:\Users\administrator.HWBINS\PCPE Setup.exe
C:\Users\administrator.HWBINS\pt_res.dll
C:\Users\administrator.HWBINS\ResourceReader.dll
C:\Users\administrator.HWBINS\ru_res.dll
C:\Users\administrator.HWBINS\zh_res.dll
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply, post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#7
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by administrator (2015-09-21 07:32:54) Run:1
Running from C:\Users\administrator.HWBINS\Desktop
Loaded Profiles: administrator (Available Profiles: Administrator & Chuck & administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
C:\Users\administrator.HWBINS\en_res.dll
C:\Users\administrator.HWBINS\es_res.dll
C:\Users\administrator.HWBINS\fr_res.dll
C:\Users\administrator.HWBINS\grm_res.dll
C:\Users\administrator.HWBINS\it_res.dll
C:\Users\administrator.HWBINS\jp_res.dll
C:\Users\administrator.HWBINS\mfc80u.dll
C:\Users\administrator.HWBINS\msvcr80.dll
C:\Users\administrator.HWBINS\PCPE Setup.exe
C:\Users\administrator.HWBINS\pt_res.dll
C:\Users\administrator.HWBINS\ResourceReader.dll
C:\Users\administrator.HWBINS\ru_res.dll
C:\Users\administrator.HWBINS\zh_res.dll
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\administrator.HWBINS\en_res.dll => moved successfully
C:\Users\administrator.HWBINS\es_res.dll => moved successfully
C:\Users\administrator.HWBINS\fr_res.dll => moved successfully
C:\Users\administrator.HWBINS\grm_res.dll => moved successfully
C:\Users\administrator.HWBINS\it_res.dll => moved successfully
C:\Users\administrator.HWBINS\jp_res.dll => moved successfully
C:\Users\administrator.HWBINS\mfc80u.dll => moved successfully
C:\Users\administrator.HWBINS\msvcr80.dll => moved successfully
C:\Users\administrator.HWBINS\PCPE Setup.exe => moved successfully
C:\Users\administrator.HWBINS\pt_res.dll => moved successfully
C:\Users\administrator.HWBINS\ResourceReader.dll => moved successfully
C:\Users\administrator.HWBINS\ru_res.dll => moved successfully
C:\Users\administrator.HWBINS\zh_res.dll => moved successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2860578506-4265885347-367632480-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2860578506-4265885347-367632480-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 12.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 07:33:01 ====


  • 0
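As an added example (not part of the thread and not FRST's own code), the Python sketch below triages a Fixlog.txt like the one posted above: it skips the echoed fixlist, sorts each "=>" result line into a bucket, and flags changes that were applied after the restore point failed. The function name, the buckets and the matching rules are assumptions based only on the lines visible in this log.

```python
import re

# Excerpt of the Fixlog.txt posted above (trimmed; not the full log).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
Emptytemp:
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Users\administrator.HWBINS\PCPE Setup.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
EmptyTemp: => 12.4 MB temporary data Removed.
The system needed a reboot..
"""

RESULT = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")


def triage_fixlog(text):
    """Sort Fixlog result lines into moved/removed/errors/review buckets."""
    out = {"moved": [], "removed": [], "errors": [], "review": [],
           "reboot_required": False, "restore_point_failed": False}
    in_echo = False  # True inside the echoed fixlist (between the '*' rules)
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue  # echoed directives such as "... => [X]" are not results
        if line.startswith("Error:"):
            out["errors"].append(line)
            out["restore_point_failed"] |= "restore point" in line.lower()
        elif "needed a reboot" in line:
            out["reboot_required"] = True
        elif (m := RESULT.match(line)):
            # "removed" is tested first: "removed successfully" also ends
            # with the substring "moved successfully".
            if m["result"].endswith("removed successfully"):
                out["removed"].append(m["target"])
            elif m["result"] == "moved successfully":
                out["moved"].append(m["target"])
            elif not m["target"].lower().startswith("emptytemp"):
                out["review"].append(line)  # unrecognised outcome: read by hand
    return out


if __name__ == "__main__":
    r = triage_fixlog(SAMPLE_FIXLOG)
    print(len(r["moved"]), "moved;", len(r["removed"]), "values removed")
    if r["restore_point_failed"] and (r["moved"] or r["removed"]):
        print("WARNING: changes were applied without a restore point")
```

Any "=>" line whose outcome is neither a move nor a removal lands in the review bucket, so an unfamiliar result string is surfaced rather than silently counted as success.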

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Post the adwCleaner log
Post the JRT Log
  • 0

#9
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

It failed on creating a restore point, and is still running 15 min later, should I wait?


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
No, don't wait for it, do the next thing.
  • 0

#11
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

Now it rebooted, getting scarier, for me...


  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Was it running adwCleaner when it rebooted?
  • 0

#13
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows Server ® 2008 Standard x64
Ran by administrator on Mon 09/21/2015 at  8:34:37.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/21/2015 at  8:47:28.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#14
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

OK, that is the last one requested.


  • 0

#15
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How old is that machine? What do you use it for?
  • 0





