
Ransomware RSA-4096 on my computer [Solved]



#1
Savageone


Thanks for this forum. My computer has become invaded as of yesterday by this ransomware, which I understand is RSA-4096. So, now I have encrypted documents! The logfiles of the scans are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Lennox (administrator) on LENNOX-PC (16-01-2016 11:30:19)
Running from C:\Users\Lennox\Desktop
Loaded Profiles: Lennox (Available Profiles: Lennox)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Soft STA,) C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Lennox\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lennox\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Utility Chest Home Page Guard 64 bit] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Utility Chest Search Scope Monitor] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [uTorrent] => C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [deveWNet] => C:\Users\Lennox\AppData\Roaming\d3d8olcy\bitstcfg.exe
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Deviient] => C:\Users\Lennox\AppData\Roaming\d3d8ssdo\bitshtui.exe [523266 2016-01-13] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [MSConfig] => C:\Users\Lennox\otsvmaef.exe [40341504 2016-01-15] (MadPack  , Pro. )
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [meryHmas] => C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe [365056 2016-01-15] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Obdics] => C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe [94208 2016-01-15] (Soft STA,)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.html [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.txt [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.html [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.txt [2016-01-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
Tcpip\..\Interfaces\{2794DA8D-ABBA-4A53-B171-F3F66F62FA30}: [DhcpNameServer] 207.164.234.193 207.164.234.129
Tcpip\..\Interfaces\{4A3B9833-BDE4-43DE-BBFF-F1D475462A3A}: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
Tcpip\..\Interfaces\{F433DC1D-DC57-4B9C-8A59-42B1DF098EEA}: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94

Internet Explorer:
==================
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ebay.com/
SearchScopes: HKU\S-1-5-21-606387608-774257337-4196163694-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606387608-774257337-4196163694-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606387608-774257337-4196163694-1001 -> {FC4956B7-584C-4CC3-8C42-FE5AA6F29C97} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-606387608-774257337-4196163694-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-06-01] (ASIX Electronics Corp.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 11:30 - 2016-01-16 11:33 - 00015913 _____ C:\Users\Lennox\Desktop\FRST.txt
2016-01-16 11:28 - 2016-01-16 11:28 - 00006732 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+omq.html
2016-01-16 11:28 - 2016-01-16 11:28 - 00006732 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+omq.html
2016-01-16 11:28 - 2016-01-16 11:28 - 00002323 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+omq.txt
2016-01-16 11:28 - 2016-01-16 11:28 - 00002323 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+omq.txt
2016-01-16 11:25 - 2016-01-16 11:28 - 00006732 _____ C:\ProgramData\help_recover_instructions+omq.html
2016-01-16 11:25 - 2016-01-16 11:28 - 00002323 _____ C:\ProgramData\help_recover_instructions+omq.txt
2016-01-16 11:25 - 2016-01-16 11:25 - 00006732 _____ C:\Users\Public\Documents\help_recover_instructions+omq.html
2016-01-16 11:25 - 2016-01-16 11:25 - 00002323 _____ C:\Users\Public\Documents\help_recover_instructions+omq.txt
2016-01-16 11:25 - 2016-01-16 11:25 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_bngxdymdd.txt
2016-01-16 11:20 - 2016-01-16 11:20 - 00006732 _____ C:\Users\Lennox\Downloads\help_recover_instructions+klh.html
2016-01-16 11:20 - 2016-01-16 11:20 - 00002323 _____ C:\Users\Lennox\Downloads\help_recover_instructions+klh.txt
2016-01-16 10:20 - 2016-01-16 10:20 - 00006732 _____ C:\Users\Lennox\Documents\help_recover_instructions+klh.html
2016-01-16 10:20 - 2016-01-16 10:20 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\help_recover_instructions+klh.html
2016-01-16 10:20 - 2016-01-16 10:20 - 00006732 _____ C:\Users\Lennox\AppData\help_recover_instructions+klh.html
2016-01-16 10:20 - 2016-01-16 10:20 - 00002323 _____ C:\Users\Lennox\Documents\help_recover_instructions+klh.txt
2016-01-16 10:20 - 2016-01-16 10:20 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\help_recover_instructions+klh.txt
2016-01-16 10:20 - 2016-01-16 10:20 - 00002323 _____ C:\Users\Lennox\AppData\help_recover_instructions+klh.txt
2016-01-16 10:19 - 2016-01-16 10:19 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+klh.html
2016-01-16 10:19 - 2016-01-16 10:19 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+klh.html
2016-01-16 10:19 - 2016-01-16 10:19 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+klh.txt
2016-01-16 10:19 - 2016-01-16 10:19 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+klh.txt
2016-01-16 10:18 - 2016-01-16 10:18 - 00006732 _____ C:\Users\Lennox\AppData\LocalLow\help_recover_instructions+klh.html
2016-01-16 10:18 - 2016-01-16 10:18 - 00002323 _____ C:\Users\Lennox\AppData\LocalLow\help_recover_instructions+klh.txt
2016-01-16 09:07 - 2016-01-16 11:30 - 00000000 ____D C:\FRST
2016-01-16 09:06 - 2016-01-16 09:06 - 02370560 _____ (Farbar) C:\Users\Lennox\Desktop\FRST64.exe
2016-01-16 09:04 - 2016-01-16 10:18 - 00006732 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+klh.html
2016-01-16 09:04 - 2016-01-16 10:18 - 00002323 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+klh.txt
2016-01-16 09:04 - 2016-01-16 09:04 - 00006732 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+klh.html
2016-01-16 09:04 - 2016-01-16 09:04 - 00002323 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+klh.txt
2016-01-16 09:00 - 2016-01-16 09:04 - 00006732 _____ C:\ProgramData\help_recover_instructions+klh.html
2016-01-16 09:00 - 2016-01-16 09:04 - 00002323 _____ C:\ProgramData\help_recover_instructions+klh.txt
2016-01-16 09:00 - 2016-01-16 09:00 - 00006732 _____ C:\Users\Public\Documents\help_recover_instructions+klh.html
2016-01-16 09:00 - 2016-01-16 09:00 - 00002323 _____ C:\Users\Public\Documents\help_recover_instructions+klh.txt
2016-01-16 08:59 - 2016-01-16 08:59 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_jcktiwnxy.txt
2016-01-16 08:02 - 2016-01-16 08:02 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_omqeekxcl.txt
2016-01-16 07:41 - 2016-01-16 07:41 - 00006732 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+blu.html
2016-01-16 07:41 - 2016-01-16 07:41 - 00006732 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+blu.html
2016-01-16 07:41 - 2016-01-16 07:41 - 00002323 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+blu.txt
2016-01-16 07:41 - 2016-01-16 07:41 - 00002323 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+blu.txt
2016-01-16 07:37 - 2016-01-16 11:26 - 00000000 ____D C:\Users\Lennox\AppData\LocalLow\uTorrent
2016-01-16 07:37 - 2016-01-16 07:41 - 00006732 _____ C:\ProgramData\help_recover_instructions+blu.html
2016-01-16 07:37 - 2016-01-16 07:41 - 00002323 _____ C:\ProgramData\help_recover_instructions+blu.txt
2016-01-16 07:37 - 2016-01-16 07:37 - 00006732 _____ C:\Users\Public\Documents\help_recover_instructions+blu.html
2016-01-16 07:37 - 2016-01-16 07:37 - 00002323 _____ C:\Users\Public\Documents\help_recover_instructions+blu.txt
2016-01-16 07:35 - 2016-01-16 07:35 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_hecgdrnaa.txt
2016-01-16 06:35 - 2016-01-16 06:35 - 00006732 _____ C:\Users\Lennox\Documents\help_recover_instructions+qjr.html
2016-01-16 06:35 - 2016-01-16 06:35 - 00002323 _____ C:\Users\Lennox\Documents\help_recover_instructions+qjr.txt
2016-01-16 00:39 - 2016-01-16 00:39 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\help_recover_instructions+qjr.html
2016-01-16 00:39 - 2016-01-16 00:39 - 00006732 _____ C:\Users\Lennox\AppData\help_recover_instructions+qjr.html
2016-01-16 00:39 - 2016-01-16 00:39 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\help_recover_instructions+qjr.txt
2016-01-16 00:39 - 2016-01-16 00:39 - 00002323 _____ C:\Users\Lennox\AppData\help_recover_instructions+qjr.txt
2016-01-16 00:38 - 2016-01-16 00:38 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+qjr.html
2016-01-16 00:38 - 2016-01-16 00:38 - 00006732 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+qjr.html
2016-01-16 00:38 - 2016-01-16 00:38 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_recover_instructions+qjr.txt
2016-01-16 00:38 - 2016-01-16 00:38 - 00002323 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\help_recover_instructions+qjr.txt
2016-01-16 00:32 - 2016-01-16 00:32 - 00006732 _____ C:\Users\Lennox\AppData\LocalLow\help_recover_instructions+qjr.html
2016-01-16 00:32 - 2016-01-16 00:32 - 00002323 _____ C:\Users\Lennox\AppData\LocalLow\help_recover_instructions+qjr.txt
2016-01-15 23:09 - 2016-01-15 23:09 - 01754112 _____ C:\Users\Lennox\Desktop\adwcleaner_5.029.exe
2016-01-15 22:44 - 2016-01-16 00:32 - 00006732 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+qjr.html
2016-01-15 22:44 - 2016-01-16 00:32 - 00002323 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+qjr.txt
2016-01-15 22:44 - 2016-01-15 22:44 - 00006732 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+qjr.html
2016-01-15 22:44 - 2016-01-15 22:44 - 00002323 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+qjr.txt
2016-01-15 22:42 - 2016-01-15 22:43 - 00006732 _____ C:\ProgramData\help_recover_instructions+qjr.html
2016-01-15 22:42 - 2016-01-15 22:43 - 00002323 _____ C:\ProgramData\help_recover_instructions+qjr.txt
2016-01-15 22:42 - 2016-01-15 22:42 - 00006732 _____ C:\Users\Public\Documents\help_recover_instructions+qjr.html
2016-01-15 22:42 - 2016-01-15 22:42 - 00002323 _____ C:\Users\Public\Documents\help_recover_instructions+qjr.txt
2016-01-15 22:40 - 2016-01-15 22:40 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_ooyjhwegs.txt
2016-01-15 21:00 - 2016-01-15 21:00 - 00006732 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+yik.html
2016-01-15 21:00 - 2016-01-15 21:00 - 00006732 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+yik.html
2016-01-15 21:00 - 2016-01-15 21:00 - 00002323 _____ C:\Users\Lennox\AppData\Local\help_recover_instructions+yik.txt
2016-01-15 21:00 - 2016-01-15 21:00 - 00002323 _____ C:\Users\Lennox\AppData\Local\Apps\help_recover_instructions+yik.txt
2016-01-15 20:57 - 2016-01-16 11:28 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-01-15 20:57 - 2016-01-16 10:18 - 00000000 ____D C:\Users\Lennox\AppData\Local\Obdics
2016-01-15 20:57 - 2016-01-15 21:00 - 00006732 _____ C:\ProgramData\help_recover_instructions+yik.html
2016-01-15 20:57 - 2016-01-15 21:00 - 00002323 _____ C:\ProgramData\help_recover_instructions+yik.txt
2016-01-15 20:57 - 2016-01-15 20:57 - 40341504 ____H (MadPack , Pro. ) C:\Users\Lennox\otsvmaef.exe
2016-01-15 20:57 - 2016-01-15 20:57 - 00365056 _____ C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
2016-01-15 20:57 - 2016-01-15 20:57 - 00006732 _____ C:\Users\Public\Documents\help_recover_instructions+yik.html
2016-01-15 20:57 - 2016-01-15 20:57 - 00002323 _____ C:\Users\Public\Documents\help_recover_instructions+yik.txt
2016-01-15 20:57 - 2016-01-15 20:57 - 00000254 _____ C:\Users\Lennox\Documents\recover_file_muuobcpap.txt
2016-01-15 17:18 - 2016-01-16 00:45 - 00251296 _____ C:\Users\Lennox\Desktop\shutterstock_149488013.jpg.micro
2016-01-14 15:53 - 2016-01-16 00:39 - 00128160 _____ C:\Users\Lennox\Desktop\10.jpg.micro
2016-01-13 15:10 - 2016-01-13 15:10 - 04704280 _____ (Garmin International) C:\Users\Lennox\Desktop\GarminMapUpdater.exe
2016-01-13 15:09 - 2016-01-16 11:28 - 00000000 ____D C:\Users\Lennox\AppData\Local\Garmin_Ltd._or_its_subsid
2016-01-13 14:35 - 2016-01-16 00:45 - 00089088 _____ C:\Users\Lennox\Desktop\Pinterest-yokoandjohnnudeokaybuteverythingelseisnt.jpg.micro
2016-01-13 14:33 - 2016-01-16 00:45 - 00253168 _____ C:\Users\Lennox\Desktop\Pinterest-Jan13.pdf.micro
2016-01-13 14:26 - 2016-01-16 00:45 - 02021248 _____ C:\Users\Lennox\Desktop\Pinterest-Jan13.doc.micro
2016-01-13 11:38 - 2016-01-16 10:18 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\d3d8ssdo
2016-01-13 06:23 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-13 06:23 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 06:23 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-13 06:23 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-13 06:23 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-13 06:23 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-13 06:23 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-13 06:23 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-13 06:23 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-13 06:23 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-13 06:23 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-13 06:23 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-13 06:23 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-13 06:23 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-13 06:23 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-13 06:23 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-13 06:23 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-13 06:23 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-13 06:23 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-13 06:23 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-13 06:23 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-01-13 06:23 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-13 06:23 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-13 06:23 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-13 06:23 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-13 06:23 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-13 06:23 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-13 06:23 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-13 06:23 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-13 06:23 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-13 06:23 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-13 06:23 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-13 06:23 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-13 06:23 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-13 06:22 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-13 06:22 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-13 06:22 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-13 06:22 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-13 06:22 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-13 06:22 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-13 06:22 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-01-13 06:22 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-13 06:22 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-13 06:22 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-13 06:22 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-13 06:22 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-13 06:22 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-01-13 06:22 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-13 06:22 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-01-13 06:22 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-13 06:22 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-13 06:22 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-01-13 06:22 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-01-13 06:22 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-01-13 06:22 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-01-13 06:22 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-13 06:22 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-01-13 06:22 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-01-13 06:22 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-13 06:22 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-01-13 06:22 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-01-13 06:22 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-01-13 06:22 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-13 06:22 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-01-13 06:22 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-13 06:22 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-01-13 06:22 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-13 06:22 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-13 06:22 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-13 06:22 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-13 06:22 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-13 06:22 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-01-13 06:22 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-01-13 06:22 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-01-13 06:22 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-01-13 06:22 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-01-13 06:22 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 06:22 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 06:22 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-13 06:22 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-01-13 06:22 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-13 06:22 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-13 06:22 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-13 06:22 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-13 06:22 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-13 06:22 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-13 06:22 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-13 06:22 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-13 06:22 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-13 06:22 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-13 06:22 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-13 06:22 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-13 06:22 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-13 06:22 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-13 06:22 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-13 06:22 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-13 06:22 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-13 06:22 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-13 06:22 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-13 06:22 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-13 06:22 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-01-13 06:22 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 06:22 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-13 06:22 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-13 06:22 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-13 06:22 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-13 06:22 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-01-13 06:22 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-01-13 06:22 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-01-13 06:22 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-01-13 06:22 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-13 06:22 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-01-13 06:22 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-01-13 06:22 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-01-13 06:22 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-01-13 06:22 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-13 06:22 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-01-13 06:22 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-01-13 06:22 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-13 06:22 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-13 06:22 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-13 06:22 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-13 06:22 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-13 06:22 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-01-13 06:22 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-13 06:22 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 06:22 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-01-13 06:22 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-01-13 06:22 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-01-13 06:22 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-13 06:22 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-01-13 06:22 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-13 06:22 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-01-13 06:22 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-13 06:22 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-01-13 06:22 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-01-13 06:22 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-13 06:22 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-13 06:22 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-13 06:22 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-13 06:22 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-13 06:22 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-13 06:22 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-13 06:22 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-08 17:15 - 2016-01-16 00:44 - 00346304 _____ C:\Users\Lennox\Desktop\File 7715013201.pdf.micro
2016-01-03 13:36 - 2016-01-16 10:20 - 00000000 ____D C:\Users\Lennox\Documents\Keep It Clean & Green
2015-12-31 11:25 - 2016-01-16 00:45 - 00210464 _____ C:\Users\Lennox\Desktop\tumblr_nupqqhPMpp1t4toomo1_1280.jpg.micro
2015-12-30 15:16 - 2016-01-16 00:45 - 00232816 _____ C:\Users\Lennox\Desktop\imagejpeg_3.jpg.micro
2015-12-29 11:26 - 2016-01-16 11:28 - 00000000 ____D C:\Users\Lennox\AppData\Local\MediaHuman
2015-12-29 11:26 - 2016-01-16 10:19 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman
2015-12-29 11:26 - 2015-12-29 11:26 - 00001241 _____ C:\Users\Lennox\Desktop\MediaHuman Audio Converter.lnk
2015-12-29 11:26 - 2015-12-29 11:26 - 00000000 ____D C:\Program Files (x86)\MediaHuman
2015-12-29 11:25 - 2015-12-29 11:25 - 22195536 _____ (MediaHuman ) C:\Users\Lennox\Desktop\MHAudioConverter.exe
2015-12-22 21:46 - 2016-01-16 00:45 - 00530928 _____ C:\Users\Lennox\Desktop\StarWars.pdf.micro
2015-12-22 20:35 - 2016-01-16 00:45 - 00130544 _____ C:\Users\Lennox\Desktop\harp.JPG.micro
2015-12-22 20:20 - 2015-12-22 20:20 - 00001018 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2015-12-22 20:20 - 2015-12-22 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-12-22 20:20 - 2015-12-22 20:20 - 00000000 ____D C:\Program Files\Tracker Software
2015-12-22 18:09 - 2016-01-16 00:45 - 00108016 _____ C:\Users\Lennox\Desktop\tickets.pdf.micro
2015-12-21 01:29 - 2016-01-16 00:45 - 00245744 _____ C:\Users\Lennox\Desktop\keep_hamilton_clean_and_green_-_member_roles_and_responsibilities.pdf.micro
2015-12-21 01:29 - 2016-01-16 00:45 - 00095392 _____ C:\Users\Lennox\Desktop\khcgc_terms_of_reference.pdf.micro
2015-12-20 21:12 - 2016-01-16 00:46 - 14305632 _____ C:\Users\Lennox\Desktop\xyz25.zip.micro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 11:32 - 2012-05-11 13:25 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\uTorrent
2016-01-16 11:31 - 2009-07-13 23:45 - 00026192 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-16 11:31 - 2009-07-13 23:45 - 00026192 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-16 11:28 - 2015-12-11 19:10 - 00000000 ____D C:\Users\Lennox\AppData\Local\Apple Inc
2016-01-16 11:28 - 2015-12-09 14:06 - 00000000 ____D C:\Users\Lennox\AppData\Local\CEF
2016-01-16 11:28 - 2015-06-10 02:30 - 00000000 ____D C:\Users\Lennox\AppData\Local\GWX
2016-01-16 11:28 - 2014-12-17 06:19 - 00000000 ____D C:\Users\Lennox\AppData\Local\Deployment
2016-01-16 11:28 - 2014-12-17 06:19 - 00000000 ____D C:\Users\Lennox\AppData\Local\Apps\2.0
2016-01-16 11:28 - 2014-11-12 20:20 - 00000000 __SHD C:\Users\Lennox\AppData\Local\EmieBrowserModeList
2016-01-16 11:28 - 2014-06-17 07:06 - 00000000 ____D C:\Users\Lennox\AppData\Local\Adobe
2016-01-16 11:28 - 2014-04-12 17:29 - 00000000 __SHD C:\Users\Lennox\AppData\Local\EmieUserList
2016-01-16 11:28 - 2014-04-12 17:29 - 00000000 __SHD C:\Users\Lennox\AppData\Local\EmieSiteList
2016-01-16 11:28 - 2013-11-22 15:20 - 00000000 ____D C:\Users\Lennox\AppData\Local\Downloaded Installations
2016-01-16 11:28 - 2013-11-22 15:20 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-01-16 11:28 - 2013-05-12 06:30 - 00000000 ____D C:\Users\Lennox\AppData\Local\Google
2016-01-16 11:28 - 2013-04-15 20:30 - 00000000 ____D C:\Users\Lennox\AppData\Local\Garmin
2016-01-16 11:28 - 2012-09-20 20:03 - 00000000 ____D C:\Users\Lennox\AppData\Local\Apple Computer
2016-01-16 11:28 - 2012-09-20 20:02 - 00000000 ____D C:\Users\Lennox\AppData\Local\Apple
2016-01-16 11:28 - 2012-05-27 17:00 - 00000000 ____D C:\Users\Lennox\AppData\Local\DuplicateCleaner
2016-01-16 11:28 - 2012-04-21 21:48 - 00000000 ____D C:\ProgramData\TP-LINK
2016-01-16 11:28 - 2011-01-17 20:05 - 00000000 __HDC C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}
2016-01-16 11:28 - 2011-01-17 20:04 - 00000000 ____D C:\ProgramData\Temp
2016-01-16 11:27 - 2015-02-08 18:25 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-16 11:27 - 2015-02-08 18:17 - 00000000 ____D C:\ProgramData\HP
2016-01-16 11:27 - 2014-05-07 22:03 - 00000000 ____D C:\ProgramData\GRETECH
2016-01-16 11:27 - 2013-12-10 20:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-01-16 11:27 - 2013-05-12 06:30 - 00000000 ____D C:\ProgramData\Google
2016-01-16 11:27 - 2013-04-15 20:30 - 00000000 ____D C:\ProgramData\Garmin
2016-01-16 11:27 - 2012-05-11 14:09 - 00000000 ____D C:\ProgramData\QuickTime
2016-01-16 11:27 - 2012-05-11 14:07 - 00000000 ____D C:\ProgramData\Kodak
2016-01-16 11:27 - 2011-01-17 20:00 - 00000000 ____D C:\ProgramData\McAfee
2016-01-16 11:27 - 2011-01-17 20:00 - 00000000 ____D C:\ProgramData\Intel
2016-01-16 11:26 - 2012-06-25 16:58 - 00000000 ____D C:\ProgramData\eBay
2016-01-16 11:25 - 2015-12-12 08:24 - 00000000 ____D C:\AdwCleaner
2016-01-16 11:25 - 2014-05-04 17:07 - 00000000 ____D C:\ProgramData\Dr Tax
2016-01-16 11:25 - 2014-04-23 17:55 - 00000000 ____D C:\ProgramData\Cisco Systems
2016-01-16 11:25 - 2013-08-12 18:58 - 00000000 ____D C:\MSSoap
2016-01-16 11:25 - 2013-08-12 18:58 - 00000000 ____D C:\Binaries
2016-01-16 11:25 - 2013-05-12 06:30 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-16 11:25 - 2012-09-20 20:02 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-16 11:25 - 2012-09-20 20:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-16 11:25 - 2012-06-17 17:00 - 00000000 ___HD C:\Lenovo
2016-01-16 11:25 - 2012-06-17 17:00 - 00000000 ____D C:\ProgramData\CyberLink
2016-01-16 11:25 - 2012-06-07 17:08 - 00000000 ___HD C:\kleaner.tmp
2016-01-16 11:25 - 2011-01-17 20:04 - 00000000 ____D C:\ProgramData\Adobe
2016-01-16 11:25 - 2011-01-17 19:15 - 00000000 ____D C:\Intel
2016-01-16 11:25 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-16 11:20 - 2015-09-14 15:35 - 00000000 ____D C:\Users\Lennox\Downloads\Magazines
2016-01-16 10:59 - 2013-05-12 06:30 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-16 10:30 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-16 10:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-01-16 10:20 - 2015-07-05 10:07 - 00000000 ____D C:\Users\Lennox\Documents\Garden
2016-01-16 10:20 - 2015-06-19 21:18 - 00000000 ____D C:\Users\Lennox\Documents\Garage Sales
2016-01-16 10:20 - 2014-06-17 07:09 - 00000000 ____D C:\Users\Lennox\Documents\Tax Files
2016-01-16 10:20 - 2014-03-20 19:43 - 00000000 ____D C:\Users\Lennox\Documents\My Weblog Posts
2016-01-16 10:20 - 2014-03-20 19:43 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Windows Live Writer
2016-01-16 10:20 - 2014-02-09 14:47 - 00000000 ____D C:\Users\Lennox\Documents\I am Lennox
2016-01-16 10:20 - 2014-02-05 13:19 - 00000000 ____D C:\Users\Lennox\Documents\Calendars
2016-01-16 10:20 - 2014-02-04 21:51 - 00000000 ____D C:\Users\Lennox\Documents\Hamilton Arts Council
2016-01-16 10:20 - 2013-12-13 19:24 - 00000000 ____D C:\Users\Lennox\Documents\Garmin
2016-01-16 10:20 - 2012-11-09 19:41 - 00000000 ____D C:\Users\Lennox\Documents\Any Video Converter
2016-01-16 10:20 - 2012-08-12 14:45 - 00000000 ____D C:\Users\Lennox\Documents\59 Oxford Street
2016-01-16 10:20 - 2012-07-27 17:01 - 00000000 ____D C:\Users\Lennox\Documents\Budget
2016-01-16 10:20 - 2012-07-22 18:40 - 00000000 ____D C:\Users\Lennox\Documents\Resume & Job Applications
2016-01-16 10:20 - 2012-07-22 18:33 - 00000000 ____D C:\Users\Lennox\Documents\Home Stuff
2016-01-16 10:20 - 2012-07-22 18:32 - 00000000 ____D C:\Users\Lennox\Documents\Old Computer
2016-01-16 10:20 - 2012-07-22 17:29 - 00000000 ____D C:\Users\Lennox\Documents\Kijiji Ads
2016-01-16 10:20 - 2012-06-25 17:38 - 00000000 ____D C:\Users\Lennox\Documents\Turbo Lister Backup
2016-01-16 10:20 - 2012-06-01 05:40 - 00000000 ____D C:\Users\Lennox\Documents\US
2016-01-16 10:20 - 2012-06-01 05:40 - 00000000 ____D C:\Users\Lennox\Documents\Recipes
2016-01-16 10:20 - 2012-05-27 15:13 - 00000000 __RSD C:\Users\Lennox\Documents\My Stationery
2016-01-16 10:20 - 2012-05-11 14:33 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\vlc
2016-01-16 10:19 - 2015-12-03 12:08 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Mp3tag
2016-01-16 10:19 - 2015-02-08 18:27 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Hewlett-Packard Company
2016-01-16 10:19 - 2015-02-08 18:25 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2016-01-16 10:19 - 2015-02-08 18:25 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\HpUpdate
2016-01-16 10:19 - 2014-02-01 12:02 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\InstallShield
2016-01-16 10:19 - 2013-12-27 09:09 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\GRETECH
2016-01-16 10:19 - 2013-04-15 20:31 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Garmin
2016-01-16 10:19 - 2012-04-21 21:49 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Macromedia
2016-01-16 10:19 - 2012-04-15 03:20 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-01-16 10:19 - 2012-04-15 03:20 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Media Center Programs
2016-01-16 10:18 - 2015-12-16 13:12 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\d3d8olcy
2016-01-16 10:18 - 2015-03-15 13:49 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\DigitalVolcano
2016-01-16 10:18 - 2014-11-12 03:27 - 00000000 __SHD C:\Users\Lennox\AppData\LocalLow\EmieBrowserModeList
2016-01-16 10:18 - 2014-09-12 06:53 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\AC3Filter
2016-01-16 10:18 - 2014-05-21 21:35 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\DVDVideoSoft
2016-01-16 10:18 - 2014-04-12 17:29 - 00000000 __SHD C:\Users\Lennox\AppData\LocalLow\EmieUserList
2016-01-16 10:18 - 2014-04-12 17:23 - 00000000 __SHD C:\Users\Lennox\AppData\LocalLow\EmieSiteList
2016-01-16 10:18 - 2014-03-20 19:43 - 00000000 ____D C:\Users\Lennox\AppData\Local\Windows Live Writer
2016-01-16 10:18 - 2013-11-22 18:54 - 00000000 ____D C:\Users\Lennox\AppData\Local\Sonos,_Inc
2016-01-16 10:18 - 2013-03-26 05:08 - 00000000 ____D C:\Users\Lennox\AppData\LocalLow\Adobe
2016-01-16 10:18 - 2013-01-07 18:55 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\AquaSoft
2016-01-16 10:18 - 2012-11-09 19:41 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\AnvSoft
2016-01-16 10:18 - 2012-09-20 20:03 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Apple Computer
2016-01-16 10:18 - 2012-05-27 14:35 - 00000000 ____D C:\Users\Lennox\AppData\Local\WindowsUpdate
2016-01-16 10:18 - 2012-05-27 14:29 - 00000000 ____D C:\Users\Lennox\AppData\Local\Microsoft Help
2016-01-16 10:18 - 2012-05-15 19:23 - 00000000 ____D C:\Users\Lennox\AppData\Local\Microsoft Games
2016-01-16 10:18 - 2012-04-21 21:49 - 00000000 ____D C:\Users\Lennox\AppData\Roaming\Adobe
2016-01-16 10:18 - 2012-04-15 03:51 - 00000000 ___SD C:\Users\Lennox\AppData\LocalLow\Temp
2016-01-16 10:18 - 2012-04-15 03:20 - 00000000 ____D C:\Users\Lennox\AppData\Local\VirtualStore
2016-01-16 09:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-16 08:06 - 2012-05-12 22:14 - 04565648 _____ C:\windows\ntbtlog.txt
2016-01-16 00:49 - 2013-12-05 23:20 - 00026496 _____ C:\Users\Lennox\Documents\Hi Michel.doc.micro
2016-01-16 00:49 - 2013-10-20 18:13 - 00026496 _____ C:\Users\Lennox\Documents\Giving someone all your love is never an assurance that they.doc.micro
2016-01-16 00:46 - 2015-12-10 08:41 - 00032896 _____ C:\Users\Lennox\Desktop\Ward 1 Speed Hump Petition - Oxford St.pdf.micro
2016-01-16 00:46 - 2015-07-22 17:52 - 00000544 ____H C:\Users\Lennox\Desktop\~$e video for Beethoven begins with Annie Lennox as a neglected housewife.docx.micro
2016-01-16 00:46 - 2014-03-17 19:35 - 00000000 ____D C:\Users\Lennox\Desktop\VR
2016-01-16 00:46 - 2013-12-22 09:34 - 00000544 ____H C:\Users\Lennox\Desktop\~$cember-2013.doc.micro
2016-01-16 00:45 - 2015-12-12 23:47 - 00085344 _____ C:\Users\Lennox\Desktop\libra.jpg.micro
2016-01-16 00:45 - 2015-11-15 17:02 - 00142464 _____ C:\Users\Lennox\Desktop\tumblr_nmn8ykac091rtkr1co1_1280.jpg.micro
2016-01-16 00:45 - 2015-11-11 18:00 - 00204272 _____ C:\Users\Lennox\Desktop\HAC_FundDevelopment_Volunteer.docx.micro
2016-01-16 00:45 - 2015-09-09 16:45 - 00000000 ____D C:\Users\Lennox\Desktop\HAC
2016-01-16 00:45 - 2015-08-13 08:59 - 00876736 _____ C:\Users\Lennox\Desktop\ProjectBrief_25-year_CommunityVision.pdf.micro
2016-01-16 00:45 - 2015-07-12 08:21 - 01439360 _____ C:\Users\Lennox\Desktop\Me.JPG.micro
2016-01-16 00:45 - 2015-07-10 06:57 - 00036640 _____ C:\Users\Lennox\Desktop\LTroe.pdf.micro
2016-01-16 00:45 - 2015-06-22 11:04 - 00798592 _____ C:\Users\Lennox\Desktop\iamsavagetoo Freecycle login problems.doc.micro
2016-01-16 00:45 - 2015-06-12 13:59 - 00143296 _____ C:\Users\Lennox\Desktop\niconicea72.jpg.micro
2016-01-16 00:45 - 2015-05-04 19:21 - 00245600 _____ C:\Users\Lennox\Desktop\RBG.pdf.micro
2016-01-16 00:45 - 2015-04-12 08:10 - 08475472 _____ C:\Users\Lennox\Desktop\Native Plant Presentation.pdf.micro
2016-01-16 00:45 - 2015-02-07 21:05 - 00064080 _____ C:\Users\Lennox\Desktop\Ptera's Cat.jpg.micro
2016-01-16 00:45 - 2014-11-10 08:17 - 00011168 _____ C:\Users\Lennox\Desktop\The video for Beethoven begins with Annie Lennox as a neglected housewife.docx.micro
2016-01-16 00:44 - 2015-09-09 11:35 - 00000000 ____D C:\Users\Lennox\Desktop\eBay johnpruitt photos
2016-01-16 00:44 - 2015-09-04 12:25 - 00000000 ____D C:\Users\Lennox\Desktop\Garden 2015
2016-01-16 00:44 - 2015-07-06 11:42 - 00105632 _____ C:\Users\Lennox\Desktop\garden.JPG.micro
2016-01-16 00:43 - 2015-10-28 11:40 - 00000000 ____D C:\Users\Lennox\Desktop\eBay jimyount photos
2016-01-16 00:43 - 2015-08-08 10:23 - 00000000 ____D C:\Users\Lennox\Desktop\Desktop Pictures
2016-01-16 00:42 - 2015-12-02 17:10 - 00000000 ____D C:\Users\Lennox\Desktop\Dancers
2016-01-16 00:42 - 2015-11-25 12:54 - 00000000 ____D C:\Users\Lennox\Desktop\David Leveille’s THE MODESTY OF ICEBERGS
2016-01-16 00:42 - 2015-09-02 17:26 - 00026496 _____ C:\Users\Lennox\Desktop\Arizer V.doc.micro
2016-01-16 00:42 - 2015-03-08 19:52 - 00110464 _____ C:\Users\Lennox\Desktop\Board Report for Sat. May 28 - edited.doc.micro
2016-01-16 00:42 - 2014-09-29 16:24 - 01020000 _____ C:\Users\Lennox\Desktop\3715141288_b9a83d8fbb_o.jpg.micro
2016-01-16 00:41 - 2015-11-10 09:41 - 00000000 ____D C:\Users\Lennox\Desktop\2015
2016-01-16 00:41 - 2015-08-24 16:04 - 00293088 _____ C:\Users\Lennox\Desktop\2015 - 2016 TAC Reciprocal Agreement.pdf.micro
2016-01-16 00:41 - 2015-08-13 08:59 - 01319232 _____ C:\Users\Lennox\Desktop\25-year Vision - Project Plan.pdf.micro
2016-01-16 00:41 - 2015-06-13 16:50 - 00161152 _____ C:\Users\Lennox\Desktop\2015 Calendar.xls.micro
2016-01-16 00:35 - 2014-02-01 11:56 - 00000480 _____ C:\Users\Lennox\AppData\Roaming\edition.txt.micro
2016-01-15 20:57 - 2012-04-15 03:20 - 00000000 ____D C:\Users\Lennox
2016-01-14 16:08 - 2013-12-27 09:09 - 00001209 _____ C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-01-14 16:08 - 2013-12-27 09:09 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-01-14 13:22 - 2013-10-10 03:23 - 00000000 ____D C:\windows\rescache
2016-01-13 11:37 - 2009-07-13 23:45 - 00306168 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-13 11:34 - 2014-12-10 03:24 - 00000000 ____D C:\windows\system32\appraiser
2016-01-13 11:34 - 2014-05-06 07:06 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-13 11:30 - 2013-03-16 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 11:30 - 2012-05-27 14:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 11:29 - 2013-03-16 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 11:29 - 2013-03-16 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 11:28 - 2013-07-28 02:05 - 00000000 ____D C:\windows\system32\MRT
2016-01-13 11:25 - 2012-05-27 14:52 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-22 20:12 - 2015-12-09 12:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-18 12:57 - 2015-04-05 02:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-18 12:57 - 2015-04-05 02:00 - 00000000 ___SD C:\windows\system32\GWX

==================== Files in the root of some directories =======

2014-03-27 05:52 - 2014-03-27 05:52 - 3074725 _____ () C:\Program Files (x86)\DT1W1_13.dtE
2014-03-27 05:52 - 2014-03-27 05:52 - 3959095 _____ () C:\Program Files (x86)\DT1W1_13.dtF
2014-01-24 10:44 - 2014-01-24 10:44 - 1340102 _____ () C:\Program Files (x86)\DT1wdx13
2013-12-11 08:54 - 2013-12-11 08:54 - 0036740 _____ () C:\Program Files (x86)\Dt1wef13
2013-12-09 13:19 - 2013-12-09 13:19 - 0044733 _____ () C:\Program Files (x86)\Dt1weq13
2014-03-28 05:10 - 2014-03-28 05:10 - 16988052 _____ () C:\Program Files (x86)\DT1WFO13
2014-03-21 14:41 - 2014-03-21 14:41 - 0000130 _____ () C:\Program Files (x86)\dt1wve13
2013-11-26 08:27 - 2013-11-26 08:27 - 0184320 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\DtHtmlLabelDll.dll
2013-11-26 08:27 - 2013-11-26 08:27 - 0072704 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\DtMaskEdit.dll
2014-01-07 15:21 - 2014-01-07 15:21 - 0384000 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\dtw9.dll
2013-11-28 08:03 - 2013-11-28 08:03 - 0265216 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\DTWinf.exe
1999-02-20 07:54 - 1999-02-20 07:54 - 0030720 _____ () C:\Program Files (x86)\dtwsmtp.exe
2010-08-09 09:35 - 2010-08-09 09:35 - 0643072 _____ () C:\Program Files (x86)\ECLActiveX.ocx
2013-12-11 13:03 - 2013-12-11 13:03 - 1780084 _____ () C:\Program Files (x86)\guidee.pdf
2010-08-09 09:35 - 2010-08-09 09:35 - 0163840 _____ (IDAutomation.com, Inc.) C:\Program Files (x86)\IDAutomationDMATRIX6.DLL
2010-08-09 09:35 - 2010-08-09 09:35 - 0017920 _____ () C:\Program Files (x86)\IMPLODE.DLL
2014-03-18 13:40 - 2014-03-18 13:40 - 0110695 _____ () C:\Program Files (x86)\mrq2wigl.xsl
2010-08-09 09:35 - 2010-08-09 09:35 - 2613248 _____ (PDFlib GmbH) C:\Program Files (x86)\pdflib.dll
2013-12-02 09:40 - 2013-12-02 09:40 - 0005023 _____ () C:\Program Files (x86)\readme.txt
2013-11-08 08:33 - 2013-11-08 08:33 - 0354816 _____ (Revenu Québec) C:\Program Files (x86)\RQ_R4S001D13.dll
2010-11-01 08:55 - 2010-11-01 08:55 - 0562720 _____ (TEC-IT Datenverarbeitung GmbH (www.tec-it.com)
Wagnerstr. 6, A-4400 Steyr, AUSTRIA
[email protected]
p: +43 (7252) 72720
f: +43 (7252) 72720-77) C:\Program Files (x86)\TBarCode6.ocx
2014-03-31 07:01 - 2014-03-31 07:01 - 3308822 _____ () C:\Program Files (x86)\UB1X13A.dte
2014-03-28 14:49 - 2014-03-28 14:49 - 3978240 _____ () C:\Program Files (x86)\ub1x3_13.exe
2014-01-27 12:56 - 2014-01-27 12:56 - 0754688 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubx1.dll
2014-03-24 09:52 - 2014-03-24 09:52 - 0781824 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubx5.dll
2014-03-25 09:19 - 2014-03-25 09:19 - 1054208 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubxabe.dll
2014-03-17 09:47 - 2014-03-17 09:47 - 0499712 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\UbxDiagnostics.dll
2014-03-24 09:51 - 2014-03-24 09:51 - 0476160 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubxflat.dll
2014-03-27 13:54 - 2014-03-27 13:54 - 14022598 _____ () C:\Program Files (x86)\ubxkbe.chm
2013-12-09 15:15 - 2013-12-09 15:15 - 0216181 _____ () C:\Program Files (x86)\ubxkwmap.dt
2013-12-09 15:15 - 2013-12-09 15:15 - 0228130 _____ () C:\Program Files (x86)\ubxkwmapQ.dt
2014-03-27 13:52 - 2014-03-27 13:52 - 0017420 _____ () C:\Program Files (x86)\ubxlnk
2014-02-07 10:32 - 2014-02-07 10:32 - 9796096 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubxres.dll
2013-11-13 14:57 - 2013-11-13 14:57 - 0017202 _____ () C:\Program Files (x86)\ubxsrch.dte
2013-12-10 07:12 - 2013-12-10 07:12 - 1302016 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubxupdater.exe
2014-01-30 15:09 - 2014-01-30 15:09 - 0271872 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ubxutil.dll
2014-02-04 14:05 - 2014-02-04 14:05 - 0554496 _____ (Thomson Reuters DT Tax and Accounting Inc.) C:\Program Files (x86)\ufile.exe
2010-08-09 09:35 - 2010-08-09 09:35 - 0206336 _____ (Catenary Systems) C:\Program Files (x86)\VIC32.DLL
2014-02-01 11:56 - 2016-01-16 00:35 - 0000480 _____ () C:\Users\Lennox\AppData\Roaming\edition.txt.micro
2016-01-16 10:20 - 2016-01-16 10:20 - 0006732 _____ () C:\Users\Lennox\AppData\Roaming\help_recover_instructions+klh.html
2016-01-16 10:20 - 2016-01-16 10:20 - 0002323 _____ () C:\Users\Lennox\AppData\Roaming\help_recover_instructions+klh.txt
2016-01-16 00:39 - 2016-01-16 00:39 - 0006732 _____ () C:\Users\Lennox\AppData\Roaming\help_recover_instructions+qjr.html
2016-01-16 00:39 - 2016-01-16 00:39 - 0002323 _____ () C:\Users\Lennox\AppData\Roaming\help_recover_instructions+qjr.txt
2016-01-15 20:57 - 2016-01-15 20:57 - 0365056 _____ () C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
2016-01-16 10:19 - 2016-01-16 10:19 - 0006732 _____ () C:\Users\Lennox\AppData\Roaming\Microsoft\help_recover_instructions+klh.html
2016-01-16 10:19 - 2016-01-16 10:19 - 0002323 _____ () C:\Users\Lennox\AppData\Roaming\Microsoft\help_recover_instructions+klh.txt
2016-01-16 00:38 - 2016-01-16 00:38 - 0006732 _____ () C:\Users\Lennox\AppData\Roaming\Microsoft\help_recover_instructions+qjr.html
2016-01-16 00:38 - 2016-01-16 00:38 - 0002323 _____ () C:\Users\Lennox\AppData\Roaming\Microsoft\help_recover_instructions+qjr.txt
2016-01-16 07:41 - 2016-01-16 07:41 - 0006732 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+blu.html
2016-01-16 07:41 - 2016-01-16 07:41 - 0002323 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+blu.txt
2016-01-16 09:04 - 2016-01-16 10:18 - 0006732 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+klh.html
2016-01-16 09:04 - 2016-01-16 10:18 - 0002323 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+klh.txt
2016-01-16 11:28 - 2016-01-16 11:28 - 0006732 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+omq.html
2016-01-16 11:28 - 2016-01-16 11:28 - 0002323 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+omq.txt
2016-01-15 22:44 - 2016-01-16 00:32 - 0006732 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+qjr.html
2016-01-15 22:44 - 2016-01-16 00:32 - 0002323 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+qjr.txt
2016-01-15 21:00 - 2016-01-15 21:00 - 0006732 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+yik.html
2016-01-15 21:00 - 2016-01-15 21:00 - 0002323 _____ () C:\Users\Lennox\AppData\Local\help_recover_instructions+yik.txt
2012-06-03 16:21 - 2012-06-03 16:21 - 0017408 _____ () C:\Users\Lennox\AppData\Local\WebpageIcons.db
2016-01-16 07:37 - 2016-01-16 07:41 - 0006732 _____ () C:\ProgramData\help_recover_instructions+blu.html
2016-01-16 07:37 - 2016-01-16 07:41 - 0002323 _____ () C:\ProgramData\help_recover_instructions+blu.txt
2016-01-16 09:00 - 2016-01-16 09:04 - 0006732 _____ () C:\ProgramData\help_recover_instructions+klh.html
2016-01-16 09:00 - 2016-01-16 09:04 - 0002323 _____ () C:\ProgramData\help_recover_instructions+klh.txt
2016-01-16 11:25 - 2016-01-16 11:28 - 0006732 _____ () C:\ProgramData\help_recover_instructions+omq.html
2016-01-16 11:25 - 2016-01-16 11:28 - 0002323 _____ () C:\ProgramData\help_recover_instructions+omq.txt
2016-01-15 22:42 - 2016-01-15 22:43 - 0006732 _____ () C:\ProgramData\help_recover_instructions+qjr.html
2016-01-15 22:42 - 2016-01-15 22:43 - 0002323 _____ () C:\ProgramData\help_recover_instructions+qjr.txt
2016-01-15 20:57 - 2016-01-15 21:00 - 0006732 _____ () C:\ProgramData\help_recover_instructions+yik.html
2016-01-15 20:57 - 2016-01-15 21:00 - 0002323 _____ () C:\ProgramData\help_recover_instructions+yik.txt

Files to move or delete:
====================
C:\Users\Lennox\otsvmaef.exe

Some files in TEMP:
====================
C:\Users\Lennox\AppData\Local\Temp\6E5C.tmp.exe
C:\Users\Lennox\AppData\Local\Temp\A75D.tmp.exe
C:\Users\Lennox\AppData\Local\Temp\A988.tmp.exe
C:\Users\Lennox\AppData\Local\Temp\CD7C.tmp.exe
C:\Users\Lennox\AppData\Local\Temp\ExPromo.exe
C:\Users\Lennox\AppData\Local\Temp\F08D.tmp.exe
C:\Users\Lennox\AppData\Local\Temp\install.exe
C:\Users\Lennox\AppData\Local\Temp\SonosUpgrader.exe
C:\Users\Lennox\AppData\Local\Temp\sqlite3.dll
C:\Users\Lennox\AppData\Local\Temp\utt30B2.tmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 00:05

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Lennox (2016-01-16 11:37:08)
Running from C:\Users\Lennox\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-15 08:20:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-606387608-774257337-4196163694-500 - Administrator - Disabled)
Guest (S-1-5-21-606387608-774257337-4196163694-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-606387608-774257337-4196163694-1003 - Limited - Enabled)
Lennox (S-1-5-21-606387608-774257337-4196163694-1001 - Administrator - Enabled) => C:\Users\Lennox
Sonos (S-1-5-21-606387608-774257337-4196163694-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Duplicate Cleaner Free 3.2.6 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd) <==== ATTENTION
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Elevated Installer (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.1.514 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP LaserJet Pro M201-M202 (HKLM-x32\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (x32 Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM-x32\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (x32 Version: 012.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (x32 Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (x32 Version: 120.046.00127 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LJDXPHelperUI (x32 Version: 120.063.006 - HP) Hidden
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
MediaHuman Audio Converter version 1.9.5.2 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.315.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 31.3.22220 - Sonos, Inc.)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version: 7.0 - TP-LINK)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UFile 2012 (HKLM-x32\...\{AF54F043-62F9-47AB-A2B2-795CD1EA4C56}) (Version: 16.21.0000 - Logiciel Dr Tax Software Inc.)
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile 2014 (HKLM-x32\...\{BAF69D89-5F75-4872-8389-74157F5E3087}) (Version: 18.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2012 (HKLM-x32\...\{EBD3E558-C070-474B-9CC5-CBCA7147EB25}) (Version: 8.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2014 (HKLM-x32\...\{85DEECC9-38D1-4BA9-A8DD-09282CFB97C8}) (Version: 10.12.0010 - Thomson Reuters DT Tax and Accounting Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07860F5E-A9E8-41BC-A5A0-0E164DF135F3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-606387608-774257337-4196163694-1001
Task: {09BFD008-A955-4362-B464-2DD5C32267A0} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-01-07] (Hewlett Packard)
Task: {1393150B-ED13-4ED5-A2D4-8AF834832573} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {247DD265-D665-4630-AA96-FDF4A81F0927} - System32\Tasks\{50726633-BBFD-40CA-9B02-788DF9BEE5FC} => pcalua.exe -a D:\setup.exe -d D:\
Task: {344391BE-FDE7-4C9F-9258-48C9193BD0C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {420BCBB1-A9B9-4F91-8DBD-8F294B637007} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4985C1D3-4CD4-4735-80E8-843E7811ABE4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {58D56142-7D31-46A5-BA16-7131A5C48064} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {7A57AEB8-B1AC-4CBD-BCA5-08973F5685B4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {8E39112E-DF16-4CA0-AD08-A16BA72DC0DC} - System32\Tasks\{47BDB568-536A-4725-92DD-163DE3D68546} => pcalua.exe -a C:\Users\Lennox\Downloads\coreaacSetup.exe -d C:\Users\Lennox\Downloads
Task: {9A326682-DD84-4B10-AB49-D017D047F815} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5B6CC65-626A-4D1A-AC6D-9D9034AC8B6C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {C77AF2EB-0468-4481-93D9-930DC442FB59} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EDBF35B2-D294-46AF-ABEC-7C97D4A65CE7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F899A47F-BC71-4E81-8B2E-2F750ED50707} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-11 13:01 - 2010-05-13 22:48 - 00192512 ____N () C:\windows\System32\zlhp1020.dll
2012-05-11 13:01 - 2012-09-18 15:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-19 05:22 - 2010-11-11 23:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-15 20:57 - 2016-01-15 20:57 - 00365056 _____ () C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
2014-07-23 05:35 - 2014-02-13 14:37 - 00254024 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-15 20:57 - 2016-01-15 20:57 - 00862208 _____ () C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
2011-01-17 19:17 - 2009-07-16 12:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
2011-01-17 19:17 - 2007-12-31 13:27 - 00007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll
2014-07-23 05:35 - 2014-02-13 14:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\traynet.dll
2014-07-23 05:35 - 2014-02-13 14:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\libcurl.dll
2014-07-23 05:35 - 2014-02-13 14:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\zlib1.dll
2014-07-23 05:35 - 2014-02-13 14:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\uexper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lennox\Local Settings:init
AlternateDataStreams: C:\Users\Lennox\AppData\Local:init
AlternateDataStreams: C:\Users\Lennox\AppData\Local\Application Data:init

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606387608-774257337-4196163694-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.140.114.21 - 64.140.114.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AquaSoft DesktopKalender => "C:\Users\Lennox\DOWNLO~1\-20CB0~1\2013-B~1.EXE" "-p|PhotoKalender.ads" "-t|Gebuersteter Stahl.pwt"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0D8E61D4-9911-4E01-B00A-FB38D42B6616}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{8983B11A-F0B7-4E94-9A5C-169165937C05}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FAE90B17-2BEC-480A-81BB-823D24D034AE}] => (Allow) svchost.exe
FirewallRules: [{72C91B50-D5EE-44A7-8F16-21BD6617C404}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{47CBCFA5-C928-4AF6-8856-78A24EF9F7D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96391BCE-97C3-4BA7-A5A0-582B9B730F5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71BF86EF-1EB3-4F87-BF6E-E5AA3EAED5F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31672717-07DB-438B-8733-A89A35DC1F10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42B51B78-C28B-4F26-B23E-1B5E1B95F8D0}] => (Allow) C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45263FFE-08F8-4470-B506-DB66307D380E}] => (Allow) C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{659DDCA4-F605-40B9-8470-7E32644BF480}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{4D873077-006E-47D2-BDD5-6CA2019EEAD7}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{5D921B04-191E-4E79-826F-AFC2B82687D2}] => (Allow) C:\Users\Lennox\Downloads\uTorrent_3.4_build_30635.exe
FirewallRules: [{23F209C6-8990-4B49-8C05-ADABE767EC9E}] => (Allow) C:\Users\Lennox\Downloads\uTorrent_3.4_build_30635.exe
FirewallRules: [{74625007-A671-421F-820F-D6E2AFCE2F8E}] => (Allow) C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62D94C88-1305-4BB7-AB12-143E58F59AE2}] => (Allow) C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{641071CB-D3E7-4D1F-915B-53FC937DEC3E}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{68128DD4-BBCA-4104-B4FE-8F62D7C1023C}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{EC82D585-B58B-4AD8-BDF9-E6053C74507C}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{0AB2B055-29EE-443D-8469-610678026A6A}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{24FA13C6-DBFB-446B-9B1B-993B1EEEF7C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DABB42A-F3A7-4C06-8850-08ABA1BABB02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48A66E2D-D704-46F4-B38B-4BFCFD3E46BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77E88FF3-4B38-4B68-843D-97CCE37D6624}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B79ED354-865F-4B2F-92B9-D59F3C76D897}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EB4D02D9-D6FF-4F0D-B04E-54DBF3361430}] => (Allow) C:\Users\Lennox\Desktop\avc-free-69969525.exe
FirewallRules: [{C03406A0-7070-41BF-8BCB-1159608B63F1}] => (Allow) C:\Users\Lennox\Desktop\avc-free-69969525.exe
FirewallRules: [TCP Query User{D8B60D2D-44D3-4CCF-984C-E7F794955D9E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{1ECF56E5-D950-4C7B-AEDB-4726AC9EAAF7}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{A600A23F-D272-418D-942A-9261364682B9}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{05964E14-8B2B-48AC-8B5C-D61777BEAE89}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{8287EB5C-98D0-45B6-88FE-69EAD19EA3A2}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{0E59E144-A954-4EE1-BBC9-75348B28BE54}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
FirewallRules: [TCP Query User{FB08EE46-7EC3-48C2-82FA-61A6B58E1288}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{F8633F15-B4EC-4B13-99B7-0F9C12D5778E}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2016 09:55:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6742.5000, time stamp: 0x567b1cb4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00a7fee4
Faulting process id: 0x22e4
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (01/15/2016 06:34:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GOM.EXE version 2.2.76.5239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b30

Start Time: 01d14fece2c4afbc

Termination Time: 17

Application Path: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE

Report Id: 70d0b65e-bbe0-11e5-8759-1078d2ca0f83

Error: (01/15/2016 05:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18163, time stamp: 0x5605a124
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x5684255b
Exception code: 0x80000003
Fault offset: 0x00056956
Faulting process id: 0xf40
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/15/2016 01:26:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: mshtml.DLL, version: 11.0.9600.18163, time stamp: 0x566c60fb
Exception code: 0xc0000005
Fault offset: 0x002458e3
Faulting process id: 0x15bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/13/2016 12:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: Flash32_19_0_0_226.ocx, version: 19.0.0.226, time stamp: 0x561f2c93
Exception code: 0xc0000005
Fault offset: 0x006897f5
Faulting process id: 0x10c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/12/2016 08:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 70c

Start Time: 01d14d950b5aac9e

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 32e9d074-b991-11e5-90d6-1078d2ca0f83

Error: (01/12/2016 06:10:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/11/2016 06:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000013df00
Faulting process id: 0x508
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/08/2016 12:11:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 820

Start Time: 01d147d0264849df

Termination Time: 40

Application Path: C:\Users\Lennox\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: d242e4ac-b62a-11e5-a7f6-1078d2ca0f83

Error: (01/07/2016 10:23:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d4c

Start Time: 01d1494a83192dff

Termination Time: 70

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (01/16/2016 12:22:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (01/16/2016 11:33:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/16/2016 11:31:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (01/16/2016 11:26:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PxHlpa64

Error: (01/16/2016 11:26:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (01/16/2016 11:26:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP LaserJet Service service failed to start due to the following error:
%%1053

Error: (01/16/2016 11:26:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP LaserJet Service service to connect.

Error: (01/16/2016 11:25:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (01/16/2016 11:25:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (01/16/2016 11:23:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

CodeIntegrity:
===================================
  Date: 2014-02-05 00:31:17.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 00:31:17.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 00:31:17.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 00:31:17.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 00:31:17.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 00:31:17.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 00:31:00.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 00:31:00.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 00:31:00.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 00:31:00.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8040.43 MB
Available physical RAM: 5642.27 MB
Total Virtual: 16079.06 MB
Available Virtual: 12344.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:284.38 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A4E6029F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End of Addition.txt ============================

 


  • 0

#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Savageone, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

You have been infected by one of the recent variants of the TeslaCrypt ransomware. We can remove the malware from your system but there is presently no way to recover your encrypted files. There is ongoing research regarding this ransomware encryption and I would advise you to follow this to track if a decryption system has been released.


 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
      C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe
      HKLM\...\Run: [Utility Chest Home Page Guard 64 bit] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe"
      C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe
      HKLM-x32\...\Run: [Utility Chest Search Scope Monitor] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
      C:\PROGRA~2\UTILIT~2\bar
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [deveWNet] => C:\Users\Lennox\AppData\Roaming\d3d8olcy\bitstcfg.exe
      HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Deviient] => C:\Users\Lennox\AppData\Roaming\d3d8ssdo\bitshtui.exe [523266 2016-01-13] ()
      HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [meryHmas] => C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe [365056 2016-01-15] ()
      HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Obdics] => C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe [94208 2016-01-15] (Soft STA,)
      HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
      C:\Users\Lennox\AppData\Local\Obdics\
      Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.html [2016-01-16] ()
      Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.txt [2016-01-16] ()
      Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.html [2016-01-16] ()
      Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.txt [2016-01-16] ()
      cmd: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Log
Regards,
Valinorum
  • 0
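Added example (not part of the original thread, and not FRST's or the helper's own method): a small triage script showing the kind of indicators that separate the entries placed in the fixlist above from the benign lines around them. The sample lines are copied from the logs on this page; the scoring, the 7-day window and the two-indicator threshold are assumptions made for this example.

```python
import re
from datetime import date

SCAN_DATE = date(2016, 1, 16)  # from the scan header on this page
RECENT_DAYS = 7                # assumption: triage window for this example
MIN_REASONS = 2                # assumption: indicators needed before a line is flagged

# Lines copied from the FRST output and fixlist shown on this page.
SAMPLE_LOG = r"""
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-01-15 20:57 - 2016-01-15 20:57 - 00365056 _____ () C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
2016-01-15 20:57 - 2016-01-15 20:57 - 00862208 _____ () C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
2011-01-17 19:17 - 2009-07-16 12:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [meryHmas] => C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe [365056 2016-01-15] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.txt [2016-01-16] ()
FirewallRules: [{B79ED354-865F-4B2F-92B9-D59F3C76D897}] => (Allow) C:\Program Files\iTunes\iTunes.exe
"""

# Loaded Modules line: "date time - date time - size attributes (company) path".
# The first timestamp on the line is used as the file date.
MODULE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ \((.*?)\) (.+)$")
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[.*?\] => (.+)$")
STARTUP_RE = re.compile(r"^Startup: (.+)$")
# Optional "[size date] (company)" trailer seen on registry and Startup entries.
TRAILER_RE = re.compile(r"^(.*?)(?: \[(?:\d+ )?(\d{4}-\d{2}-\d{2})\] \((.*?)\))?$")


def parse_line(line):
    """Return (kind, target, file_date, company), or None for lines not covered here."""
    m = MODULE_RE.match(line)
    if m:
        return ("module", m.group(3), date.fromisoformat(m.group(1)), m.group(2))
    for kind, rx in (("run-key", RUN_RE), ("startup", STARTUP_RE)):
        m = rx.match(line)
        if m:
            target, dated, company = TRAILER_RE.match(m.group(1)).groups()
            return (kind, target, date.fromisoformat(dated) if dated else None, company)
    return None


def reasons_for(kind, target, file_date, company):
    """Collect the indicators that apply to one parsed entry."""
    low = target.lower()
    found = []
    if "\\appdata\\" in low:
        found.append("user-writable path")
    if company == "":  # company field present but empty; None means the field was absent
        found.append("no company name")
    if file_date and 0 <= (SCAN_DATE - file_date).days <= RECENT_DAYS:
        found.append("dated within a week of the scan")
    if "regsvr32.exe" in low and "\\appdata\\" in low:
        found.append("regsvr32 loading from user profile")
    if "help_recover_instructions" in low:  # note file name taken from this page's logs
        found.append("ransom note name")
    return found


def triage(log_text):
    """Return [(kind, target, reasons)] for entries with at least MIN_REASONS indicators."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_line(line.strip())
        if not parsed:
            continue
        found = reasons_for(*parsed)
        if len(found) >= MIN_REASONS:
            flagged.append((parsed[0], parsed[1], found))
    return flagged


if __name__ == "__main__":
    for kind, target, found in triage(SAMPLE_LOG):
        print(f"{kind:8} {target}\n         -> {', '.join(found)}")
```

An empty company field alone is not enough to flag a file, since several legitimate modules in the log have one too; it is the combination with a user-profile path and a date right before the scan that makes the entries stand out.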

#3
Savageone

    Member

  • Topic Starter
  • Member
  • 19 posts

Okay, here are the two logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Lennox (2016-01-16 15:59:03) Run:1
Running from C:\Users\Lennox\Desktop
Loaded Profiles: Lennox (Available Profiles: Lennox)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe
C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe
HKLM\...\Run: [Utility Chest Home Page Guard 64 bit] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe"
C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [Utility Chest Search Scope Monitor] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
C:\PROGRA~2\UTILIT~2\bar
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [deveWNet] => C:\Users\Lennox\AppData\Roaming\d3d8olcy\bitstcfg.exe
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Deviient] => C:\Users\Lennox\AppData\Roaming\d3d8ssdo\bitshtui.exe [523266 2016-01-13] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [meryHmas] => C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe [365056 2016-01-15] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Obdics] => C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe [94208 2016-01-15] (Soft STA,)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
C:\Users\Lennox\AppData\Local\Obdics\
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.html [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.txt [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.html [2016-01-16] ()
Startup: C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.txt [2016-01-16] ()
cmd: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Lennox\AppData\Roaming\lxowkhe45.exe => moved successfully
C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Utility Chest Home Page Guard 64 bit => value removed successfully
"C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Utility Chest Search Scope Monitor => value removed successfully
"C:\PROGRA~2\UTILIT~2\bar" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\deveWNet => value removed successfully
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Deviient => value removed successfully
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\meryHmas => value removed successfully
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Obdics => value removed successfully
HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Emtion => value removed successfully
C:\Users\Lennox\AppData\Local\Obdics => moved successfully
C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.html => moved successfully
C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+klh.txt => moved successfully
C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.html => moved successfully
C:\Users\Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help_recover_instructions+qjr.txt => moved successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 26.6 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:23:28 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2016
Scan Time: 6:02 PM
Logfile: MalawareScanLog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.16.05
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lennox

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395153
Time Elapsed: 46 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent.Gen, HKU\S-1-5-21-606387608-774257337-4196163694-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSConfig, "C:\Users\Lennox\otsvmaef.exe", Quarantined, [4411bb7fedac43f3c604c8c1f60d4cb4]

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [7cd9bc7ec6d382b4ffc07c1dc939e51b],

Files: 3
Trojan.Downloader, C:\Users\Lennox\AppData\Roaming\d3d8ssdo\bitshtui.exe, Quarantined, [5ef72f0b1d7c6acccccb398add2404fc],
Rootkit.ADS, c:\Users\Lennox\AppData\local:init, Quarantined, [6ee7f347c8d144f25ecf366b19ea5aa6],
Trojan.Agent.Gen, C:\Users\Lennox\otsvmaef.exe, Quarantined, [4411bb7fedac43f3c604c8c1f60d4cb4],

Physical Sectors: 0
(No malicious items detected)

(end)
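
The Run entries in the fix log above share one trait: they start programs from folders a standard user can write to. The following triage sketch is an added example, not part of the thread and not FRST's own logic; the rule set, the function names and the last sample line (the MSConfig value from the Malwarebytes log restated in FRST's line format) are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Run entries copied from the fixlist in the post above. The last line is
# constructed: it restates the MSConfig Run value reported by Malwarebytes
# in FRST's line format.
SAMPLE_LINES = r"""
HKLM\...\Run: [Utility Chest Home Page Guard 64 bit] => "C:\PROGRA~2\UTILIT~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Deviient] => C:\Users\Lennox\AppData\Roaming\d3d8ssdo\bitshtui.exe [523266 2016-01-13] ()
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Obdics] => C:\Users\Lennox\AppData\Local\Obdics\TMP94A5.exe [94208 2016-01-15] (Soft STA,)
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lennox\AppData\Local\Obdics\qgpwijmj.dll
HKU\S-1-5-21-606387608-774257337-4196163694-1001\...\Run: [MSConfig] => C:\Users\Lennox\otsvmaef.exe
""".strip().splitlines()

# "<hive>[\<SID>]\...\Run: [<value name>] => <data>"
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[\w-]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] => (?P<data>.+)$"
)
# Any drive-letter path ending in an executable or script extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)(?![\w.])', re.I
)
# Locations writable without administrator rights (heuristic, assumed list).
USER_WRITABLE = [
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I), "AppData"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.I), "profile root"),
    (re.compile(r"^[a-z]:\\programdata\\", re.I), "ProgramData"),
]
# Signed Windows binaries that load a DLL named on their command line.
PROXY_LAUNCHERS = {"regsvr32.exe", "rundll32.exe"}


class Finding(NamedTuple):
    hive: str
    name: str
    reasons: List[str]


def writable_location(path: str) -> Optional[str]:
    """Return a label if the path sits in a user-writable location."""
    for pattern, label in USER_WRITABLE:
        if pattern.search(path):
            return label
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Flag Run entries that deserve a closer look, with the reasons."""
    findings = []
    for line in lines:
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        name, data = match["name"], match["data"]
        paths = PATH_RE.findall(data)
        reasons = []
        if not name or not paths:
            reasons.append("orphaned entry: empty name or no target file")
        for path in paths:
            label = writable_location(path)
            if label:
                reasons.append(f"target in user-writable {label}: {path}")
        if len(paths) > 1:
            launcher = paths[0].rsplit("\\", 1)[-1].lower()
            if launcher in PROXY_LAUNCHERS and any(
                writable_location(p) for p in paths[1:]
            ):
                reasons.append(f"proxy execution via {launcher}")
        if reasons:
            findings.append(Finding(match["hive"], name, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding.name or '<empty>'}] ({finding.hive})")
        for reason in finding.reasons:
            print("   -", reason)
```

The Utility Chest entry is not flagged because its target sits under Program Files; location is only one signal, and a helper reading a full log would still review such entries by name.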


#4
Valinorum

  • Step #3 Run Malwarebytes' Anti-Rootkit
    Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
    • Update the program if asked.
    • In the Scan System option check all the boxes and click on Scan.
    • Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.
    • After the clean-up process, locate two logs in the mbar folder, namely:
      • mbar-log.txt; and
      • system-log.txt
    • Copy and paste the contents of the log in your next reply.
 
  • Step #4 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Rootkit Log
    • ESET Log
Regards,
Valinorum

#5
Savageone

Logs:

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.01.17.02
  rootkit: v2016.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18163
Lennox :: LENNOX-PC [administrator]

1/17/2016 8:56:36 AM
mbar-log-2016-01-17 (08-56-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 324757
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18163

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8430997504, free: 5656211456

Downloaded database version: v2016.01.17.02
Downloaded database version: v2016.01.09.01
Downloaded database version: v2016.01.14.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/17/2016 08:56:26
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.01.17.02
  rootkit: v2016.01.09.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007e34060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007e34b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007e34060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077ee520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007769680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4E6029F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1900734464
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1900941312  Numsec = 52583856
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1900941312-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#6
Savageone

ESET file won't let me copy and paste, so I've attached it.

Attached Files

  • Attached File  log.txt   3.68MB   273 downloads


#7
Valinorum

Log looks good. How is your system running?

#8
Savageone

It's running well....but what about all the threats in the ESET scan? There was no step after attaching the log...should these be quarantined or deleted?



#9
Valinorum

They have been quarantined. They are actually the harmless part of the Ransomware. You may keep the encrypted files if you wish and follow the thread I linked in my first post so that (if a decrypter is released) you may decrypt them. Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools, made so that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum

#10
Savageone

Thanks, here is the Delfix log:

 

# DelFix v1.011 - Logfile created 19/01/2016 at 10:09:44
# Updated 18/08/2015 by Xplode
# Username : Lennox - LENNOX-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Lennox\Desktop\mbar
Deleted : C:\Users\Lennox\Desktop\adwcleaner_5.029.exe
Deleted : C:\Users\Lennox\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Lennox\Desktop\Fixlog.txt
Deleted : C:\Users\Lennox\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

Also, this ransomware threw the following "message" files everywhere in my various folders...what's the best way to find and get rid of them all?

 

help_recover_instructions+klh.html

help_recover_instructions+omq.html

help_recover_instructions+qjr.html



#11
Valinorum

Try to run another scan with ESET and check if they are taken down. I'd suggest keeping at least one if they are needed for future decryption.

Regards,
Valinorum
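
One way to clear the note files asked about in post #10 while following the advice in post #11 to keep at least one, as an added example that is not part of the thread. The name pattern is taken from the file names listed in the thread; the three-letter suffix rule, the function names and the keep-folder layout are assumptions.

```python
import hashlib
import os
import re
import shutil
from pathlib import Path
from typing import List, Tuple

# Matches the names seen in the thread, e.g. help_recover_instructions+klh.html
# and help_recover_instructions+qjr.txt. Suffix assumed to be three letters.
NOTE_RE = re.compile(r"^help_recover_instructions\+[a-z]{3}\.(?:html|txt)$", re.I)


def find_notes(root) -> List[Path]:
    """Return every ransom-note file below root, without following links."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for filename in filenames:
            candidate = Path(dirpath) / filename
            if (NOTE_RE.match(filename)
                    and candidate.is_file()
                    and not candidate.is_symlink()):
                hits.append(candidate)
    return sorted(hits)


def sweep(root, keep_dir, dry_run: bool = True) -> Tuple[List[Path], List[Path]]:
    """Keep one copy of each distinct note in keep_dir and delete the rest.

    Notes are compared by SHA-256 of their content, so every distinct note
    text survives once. With dry_run=True nothing is copied or deleted; the
    return value shows what would happen.
    """
    keep_dir = Path(keep_dir).resolve()
    kept = {}       # content digest -> path of the preserved copy
    removed = []    # original locations that were (or would be) deleted
    for note in find_notes(root):
        if keep_dir in note.resolve().parents:
            continue  # never touch the preserved copies
        try:
            digest = hashlib.sha256(note.read_bytes()).hexdigest()
            if digest not in kept:
                dest = keep_dir / f"{digest[:12]}_{note.name}"
                if not dry_run:
                    keep_dir.mkdir(parents=True, exist_ok=True)
                    shutil.copy2(note, dest)
                kept[digest] = dest
            if not dry_run:
                note.unlink()
            removed.append(note)
        except OSError as err:
            # Locked or permission-denied files are reported, not fatal.
            print(f"skipped {note}: {err}")
    return list(kept.values()), removed


if __name__ == "__main__":
    # Preview first; rerun with dry_run=False once the list looks right.
    profile = Path.home()
    kept_copies, deleted = sweep(profile, profile / "ransom_notes_kept")
    print(f"{len(deleted)} note files found, {len(kept_copies)} distinct")
    for path in deleted:
        print("  would delete:", path)
```

Encrypted documents are never matched by the pattern, so they stay in place for a possible future decrypter.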

#12
Valinorum

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

