
Corona Borealis malware infection. Plz halp.


  • This topic is locked

#1
chrisdee


Hi all, my mum's PC has become infected with a malicious and virulent malware that calls itself Corona Borealis. It may have come via a copy of DAEMON Tools, although I can't be certain of that.

 

It essentially hijacks the browser, filling each page with ads, popups or just sending it to another page. It also changes any links to reroute to its own pages. 

 

We have Kaspersky Anti-Virus, which seems incapable of detecting or removing the virus. I spoke to their customer support team, who helped me increase the scan sensitivity, but still no luck. I've uninstalled any program downloaded in the last week and have followed some online tutorials aimed at removing the virus, which mostly involved uninstalling the program and resetting the browser settings, but this hasn't worked.

 

Any help would be hugely appreciated!!

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016

Ran by Dad D (administrator) on WSW262 (18-02-2016 13:04:56)
Running from C:\Users\Dad D\Desktop
Loaded Profiles: UpdatusUser & Dad D (Available Profiles: UpdatusUser & Dad D)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(                                                                                                    ) C:\Windows\Temp\mrt388C.tmp\stdrt.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(                                                            ) C:\Windows\Temp\nsp7D4B.tmp\hwmonitor_1.28\hwmonitor_1.28.exe
() C:\Windows\Temp\is-I2IOR.tmp\hwmonitor_1.28.tmp
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2012-07-04] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\MountPoints2: {0dab255d-d467-11e5-b03c-e0cb4ed67335} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => No File
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~2.dll => No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll [2015-04-05] ()
Startup: C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{ABBCF719-9030-4214-A6FC-26F124D73A6F}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{ABBCF719-9030-4214-A6FC-26F124D73A6F}: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
 
Internet Explorer:
==================
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.theage.com.au/
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {9AC709F8-DAF6-4754-B30B-0EB9F5B8B72F} URL = hxxp://www.guard-search.com/Results.aspx?gd=GB1000094&ctid=&octid=EB_ORIGINAL_CTID&ISID=E71395CF-65A4-4EED-9D93-422B3A01C9E9&SearchSource=58&CUI=SB_CUI&UM=8&UP=ED932CFA-F38E-4057-8ADF-930507335642&D=IN_DA&q={searchTerms}&SSPV=GB10A
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-07-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-16]
CHR Extension: (Google Sheets) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Skype) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1203634 2016-02-16] (                                                                                                    ) [File not signed] <==== ATTENTION
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-16] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [264944 2016-02-03] (RayDl)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-16] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-11-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-16] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 akshasp; \SystemRoot\system32\drivers\akshasp.sys [X]
S3 akshhl; \SystemRoot\system32\drivers\akshhl.sys [X]
S3 akspccard; \SystemRoot\system32\drivers\akspccard.sys [X]
S3 aksusb; \SystemRoot\system32\drivers\aksusb.sys [X]
S1 Teefer3; system32\DRIVERS\Teefer3.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-18 13:04 - 2016-02-18 13:05 - 00021474 _____ C:\Users\Dad D\Desktop\FRST.txt
2016-02-18 13:04 - 2016-02-18 13:04 - 00000399 _____ C:\Windows\SysWOW64\x86detect.bat
2016-02-18 13:04 - 2016-02-18 13:04 - 00000000 ____D C:\FRST
2016-02-18 13:04 - 2016-02-18 13:00 - 02371072 _____ (Farbar) C:\Users\Dad D\Desktop\FRST64.exe
2016-02-18 11:36 - 2016-02-18 11:37 - 00002632 _____ C:\Windows\SysWOW64\soft.exe
2016-02-18 11:26 - 2016-02-18 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-02-18 11:26 - 2016-02-18 11:26 - 00000000 ____D C:\Program Files\CPUID
2016-02-17 14:53 - 2016-02-17 14:54 - 00001648 _____ C:\Windows\SysWOW64\apply.reg
2016-02-17 13:16 - 2016-02-17 14:59 - 00003224 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2016-02-17 13:15 - 2016-02-17 13:15 - 00000000 ____D C:\ProgramData\GridinSoft
2016-02-17 13:13 - 2016-02-17 13:13 - 01104336 _____ C:\Users\Dad D\Downloads\gsam2S.exe
2016-02-17 13:07 - 2016-02-17 15:05 - 00002259 _____ C:\Users\Dad D\Desktop\Google Chrome.lnk
2016-02-17 12:41 - 2016-02-17 12:41 - 00954546 _____ C:\Users\Dad D\Downloads\download (1).htm
2016-02-16 15:48 - 2016-02-16 15:48 - 00000000 ____D C:\Program Files (x86)\Firewatch
2016-02-16 15:35 - 2016-02-17 13:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-02-16 15:35 - 2016-02-16 15:35 - 01710680 _____ C:\Users\Dad D\Downloads\SetupVirtualCloneDrive5500.exe
2016-02-16 15:26 - 2016-02-16 15:26 - 00000040 ___SH C:\ProgramData\.zreglib
2016-02-16 15:25 - 2016-02-16 15:36 - 00000000 ____D C:\Program Files (x86)\SlySoft
2016-02-16 15:25 - 2016-02-16 15:25 - 00000000 ____D C:\ProgramData\SlySoft
2016-02-16 15:24 - 2016-02-16 15:25 - 12682504 _____ C:\Users\Dad D\Downloads\SetupAnyDVD7690.exe
2016-02-16 14:44 - 2016-02-16 14:44 - 00000000 _____ C:\Windows\SysWOW64\x64.txt
2016-02-16 14:39 - 2016-02-16 14:47 - 00000000 ____D C:\Users\Dad D\AppData\Local\TrailerTime
2016-02-16 14:39 - 2016-02-16 14:39 - 00000000 ____D C:\Program Files (x86)\RayDld
2016-02-16 14:38 - 2016-02-17 01:39 - 00000000 ____D C:\Users\Dad D\AppData\Roaming\ElujpOjax
2016-02-16 14:38 - 2016-02-16 14:39 - 00000000 ____D C:\Users\Dad D\AppData\Local\Tempfolder
2016-02-16 14:38 - 2016-02-16 14:38 - 01203634 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2016-02-16 14:38 - 2016-02-16 14:38 - 00003338 _____ C:\Windows\System32\Tasks\Xegxi
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Windows\system32\kenz
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Users\Dad D\AppData\LocalLow\Company
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Users\Dad D\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\uninst
2016-02-16 14:37 - 2016-02-16 14:37 - 00000000 ____D C:\Users\Dad D\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:36 - 2016-02-16 14:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-02-16 12:12 - 2016-02-16 12:15 - 00000000 ____D C:\Users\Dad D\Desktop\Firewatch-CODEX
2016-02-16 12:10 - 2016-02-16 12:25 - 00000000 ____D C:\Users\Dad D\Desktop\Bone.Tomahawk.2015.BRRip.XviD.AC3-EVO
2016-02-11 12:39 - 2016-02-06 21:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 12:39 - 2016-02-06 21:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 12:39 - 2016-02-06 21:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 12:39 - 2016-02-06 21:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 12:39 - 2016-02-06 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 12:39 - 2016-02-06 21:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 12:39 - 2016-02-06 20:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 12:39 - 2016-02-06 20:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 12:39 - 2016-02-06 20:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 12:39 - 2016-02-06 20:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 12:39 - 2016-02-06 20:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 12:39 - 2016-02-06 20:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 12:39 - 2016-02-06 20:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 12:39 - 2016-02-06 19:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-11 12:39 - 2016-01-23 07:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-11 12:39 - 2016-01-23 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-11 12:39 - 2016-01-22 17:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-11 12:39 - 2016-01-22 17:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-11 12:39 - 2016-01-22 17:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 12:39 - 2016-01-22 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-11 12:39 - 2016-01-22 17:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 12:39 - 2016-01-22 17:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-11 12:39 - 2016-01-22 17:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-11 12:39 - 2016-01-22 17:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-11 12:39 - 2016-01-22 17:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 12:39 - 2016-01-22 17:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-11 12:39 - 2016-01-22 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-11 12:39 - 2016-01-22 17:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-11 12:39 - 2016-01-22 17:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-11 12:39 - 2016-01-22 17:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-11 12:39 - 2016-01-22 17:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-11 12:39 - 2016-01-22 16:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-11 12:39 - 2016-01-22 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-11 12:39 - 2016-01-22 16:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-11 12:39 - 2016-01-22 16:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-11 12:39 - 2016-01-22 16:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-11 12:39 - 2016-01-22 16:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 12:39 - 2016-01-22 16:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 12:39 - 2016-01-22 16:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-11 12:39 - 2016-01-22 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-11 12:39 - 2016-01-22 16:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-11 12:39 - 2016-01-22 16:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-11 12:39 - 2016-01-22 16:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-11 12:39 - 2016-01-22 16:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-11 12:39 - 2016-01-22 16:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-11 12:39 - 2016-01-22 16:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-11 12:39 - 2016-01-22 16:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-11 12:39 - 2016-01-22 16:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-11 12:39 - 2016-01-22 16:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-11 12:39 - 2016-01-22 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-11 12:39 - 2016-01-22 16:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-11 12:39 - 2016-01-22 16:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-11 12:39 - 2016-01-22 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-11 12:38 - 2016-01-22 17:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 12:38 - 2016-01-22 17:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-11 12:38 - 2016-01-22 17:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 12:38 - 2016-01-22 17:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 12:38 - 2016-01-22 17:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-11 12:38 - 2016-01-22 17:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-11 12:38 - 2016-01-22 17:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 12:38 - 2016-01-22 16:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-11 12:38 - 2016-01-22 16:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-11 12:38 - 2016-01-22 16:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 12:17 - 2016-01-17 06:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-11 12:17 - 2016-01-17 05:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-11 12:17 - 2016-01-07 06:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-11 12:17 - 2016-01-07 06:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-11 12:17 - 2016-01-07 05:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-11 12:16 - 2016-01-22 17:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-11 12:16 - 2016-01-22 17:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-11 12:16 - 2016-01-22 17:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-11 12:16 - 2016-01-22 17:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-11 12:16 - 2016-01-22 17:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-11 12:16 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-11 12:16 - 2016-01-22 17:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-11 12:16 - 2016-01-22 17:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-11 12:16 - 2016-01-22 17:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-11 12:16 - 2016-01-22 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-11 12:16 - 2016-01-22 16:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-11 12:16 - 2016-01-22 16:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-11 12:16 - 2016-01-22 16:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-11 12:16 - 2016-01-22 16:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-11 12:16 - 2016-01-22 15:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-11 12:16 - 2016-01-22 15:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-11 12:16 - 2016-01-22 15:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-11 12:16 - 2016-01-22 15:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-11 12:16 - 2016-01-22 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-11 12:16 - 2016-01-22 15:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-11 12:16 - 2016-01-22 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 12:16 - 2016-01-17 06:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-11 12:16 - 2016-01-17 05:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-11 12:16 - 2016-01-12 05:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-11 12:16 - 2016-01-12 05:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-11 12:16 - 2016-01-12 05:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-11 12:16 - 2016-01-12 05:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-11 12:16 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-11 12:16 - 2016-01-12 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-11 12:16 - 2016-01-12 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-11 12:16 - 2016-01-08 04:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-11 12:16 - 2016-01-08 04:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-11 12:16 - 2015-12-21 05:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-11 12:16 - 2015-12-21 05:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-11 12:16 - 2015-12-21 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-02 22:49 - 2016-02-02 22:49 - 00148516 _____ C:\Users\Dad D\Downloads\QF_Boarding_Pass_4ZKLPE_03FEB.pdf
2016-02-02 22:36 - 2016-02-02 22:56 - 00000000 ____D C:\Users\Dad D\Desktop\Kate and Dan do Japan
2016-02-02 22:35 - 2016-02-02 22:35 - 00344747 _____ C:\Users\Dad D\Downloads\Certificate of Insurance.pdf
2016-02-02 22:33 - 2016-02-02 22:33 - 00146823 _____ C:\Users\Dad D\Downloads\QF_Boarding_Pass_4Z2ZY6_03FEB.pdf
2016-01-27 11:44 - 2016-01-28 17:00 - 00016380 _____ C:\Users\Dad D\Desktop\Expenditure by Month.xlsx
2016-01-26 11:41 - 2016-01-26 11:41 - 00167052 _____ C:\Users\Dad D\Downloads\download.htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-18 13:00 - 2009-07-14 15:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-18 13:00 - 2009-07-14 15:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-18 12:42 - 2015-05-03 12:42 - 00005512 _____ C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.job
2016-02-18 12:41 - 2015-05-03 12:41 - 00002106 _____ C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user.job
2016-02-18 12:36 - 2015-09-01 15:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67.job
2016-02-18 11:58 - 2014-11-19 16:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-18 11:46 - 2015-05-03 12:41 - 00000974 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-02-18 11:46 - 2015-05-03 12:41 - 00000970 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-02-18 11:42 - 2015-05-03 12:42 - 00005176 _____ C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.job
2016-02-18 11:41 - 2015-05-03 12:41 - 00004152 _____ C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.job
2016-02-18 11:41 - 2009-07-14 16:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-18 11:41 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-02-18 11:36 - 2015-09-01 15:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3.job
2016-02-18 11:36 - 2012-07-04 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-18 11:36 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-17 21:34 - 2014-12-10 17:10 - 00000000 ____D C:\Users\Dad D\Documents\Outlook Files
2016-02-17 15:18 - 2015-11-04 18:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 15:13 - 2012-07-04 17:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-17 13:02 - 2014-12-10 18:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-16 16:10 - 2014-11-19 17:14 - 00000717 _____ C:\Windows\WININIT.INI
2016-02-16 16:08 - 2012-07-04 16:16 - 00000000 ____D C:\Users\UpdatusUser
2016-02-16 14:58 - 2014-11-19 16:00 - 00000000 ____D C:\Users\Dad D\Documents\BitLord
2016-02-16 14:51 - 2014-11-17 17:02 - 00001429 _____ C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-16 14:44 - 2012-07-04 16:39 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-02-16 14:41 - 2012-07-04 16:39 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-02-14 11:35 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2016-02-14 10:58 - 2014-11-17 17:02 - 00000000 ___RD C:\Users\Dad D\Virtual Machines
2016-02-14 10:56 - 2014-12-11 13:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-14 10:56 - 2014-11-28 12:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-14 10:56 - 2011-04-12 19:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-14 10:56 - 2009-07-14 15:45 - 00919104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 21:13 - 2014-04-22 14:50 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 21:04 - 2012-07-04 16:49 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 21:03 - 2009-07-14 13:34 - 00000580 _____ C:\Windows\win.ini
2016-02-02 22:31 - 2015-09-01 15:13 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67
2016-02-02 22:31 - 2015-09-01 15:13 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3
2016-01-26 18:01 - 2015-08-11 20:22 - 00000000 ____D C:\Users\Dad D\AppData\Local\Battle.net
2016-01-26 11:46 - 2015-08-11 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-01-26 11:31 - 2015-08-11 20:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2014-11-19 16:00 - 2014-12-10 21:29 - 0000000 _____ () C:\Users\Dad D\AppData\Roaming\bitlord_log.txt
2014-12-10 21:30 - 2014-12-10 21:30 - 0000218 _____ () C:\Users\Dad D\AppData\Local\recently-used.xbel
2016-02-16 15:26 - 2016-02-16 15:26 - 0000040 ___SH () C:\ProgramData\.zreglib
2012-07-06 13:38 - 2012-07-06 13:38 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-07-06 15:55 - 2012-07-06 15:55 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-04-23 12:15 - 2014-04-23 12:15 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Dad D\AppData\Local\Temp\7za.exe
C:\Users\Dad D\AppData\Local\Temp\bitlord.exe
C:\Users\Dad D\AppData\Local\Temp\BitLordSetup.exe
C:\Users\Dad D\AppData\Local\Temp\DAEMON Tools Lite 10.1.0.74.exe
C:\Users\Dad D\AppData\Local\Temp\MediaPlayer__11728_il1069.exe
C:\Users\Dad D\AppData\Local\Temp\msconfig.exe
C:\Users\Dad D\AppData\Local\Temp\setdd.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 12:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Dad D (2016-02-18 13:05:15)
Running from C:\Users\Dad D\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-22 03:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3199717442-3386205327-3011415108-500 - Administrator - Disabled)
Dad D (S-1-5-21-3199717442-3386205327-3011415108-1008 - Administrator - Enabled) => C:\Users\Dad D
Guest (S-1-5-21-3199717442-3386205327-3011415108-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-3199717442-3386205327-3011415108-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Any Video Converter 5.8.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Revit Structure 2012 UR1 (HKLM\...\Autodesk Revit Structure 2012 UR1) (Version: 1 - Autodesk)
Autodesk Revit Structure 2013 UR1 (HKLM\...\Autodesk Revit Structure 2013 UR1) (Version: 1 - Autodesk)
Autodesk Revit Structure 2013 UR2 (HKLM\...\Autodesk Revit Structure 2013 UR2) (Version: 1 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.2-298 - House of Life)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Family Browser 2013 (Version: 13.22.13.1 - Kiwi Codes Solutions Ltd) Hidden
Family Browser 2014 (Version: 14.10.01.1 - Kiwi Codes Solutions Ltd) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hero Editor V0.80 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Logitech SetPoint 6.0 (HKLM\...\SP6) (Version: 6.00.68 - Logitech)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\MyFreeCodec) (Version:  - )
NavDesk 7.20 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.20) (Version: 7.20.0011.55 - Navman Technology NZ Limited)
NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Optimizer Pro v3.2 (x32 Version:  - ) Hidden <==== ATTENTION
PC Cleaner v3.2 (x32 Version: 3.2 - PC Help Soft) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinSCP 4.3.6 (HKLM-x32\...\winscp3_is1) (Version: 4.3.6 - Martin Prikryl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06E6A0FA-06D2-4632-883D-201B4889A438} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user -> No File <==== ATTENTION
Task: {1F318518-7628-4DEB-B378-BDF7004D6668} - System32\Tasks\{7941636A-1D04-4FE9-AA15-7FCFCED02768} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {32256008-631A-41AD-A0CC-75D4D24A88B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {33DF87EB-9BE4-47C4-9927-6D0A30528F2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
Task: {46FEF3AD-A7CB-4390-A2D7-DDA6DC1AFE5D} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {5187F243-6BE4-42FF-8FF7-F9BEED11DD26} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-7 -> No File <==== ATTENTION
Task: {56F10CC2-001E-43F1-9AAD-7E7ACE544F15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5C7EBB49-B541-4B91-8972-73EB1EC809DA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-11] (AO Kaspersky Lab)
Task: {606DE769-2289-4422-B5FD-67491B07CFA9} - System32\Tasks\{050D74C6-294B-4D9E-A652-547B32CE03EC} => C:\Program Files (x86)\etax2015\etax2015.exe [2015-06-16] ()
Task: {6ECF3505-66A7-49CC-9B5A-CA3C34BAD7DB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {76465AA4-552B-473B-98F5-718794EA1355} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7F61216C-5504-414A-A466-0D68B09933B1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8228F2A8-7DD4-42B5-94D8-4A2B635BDBC1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {84EE130C-3984-4448-85FE-5E964BD89EC2} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8A28154A-5C0D-4E54-B478-FED54B1EAA94} - System32\Tasks\Xegxi => C:\PROGRA~1\GROOVE~1\Lulriw.bat
Task: {8AFFD189-6C3A-447A-BA63-B36CB601D70B} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-3 -> No File <==== ATTENTION
Task: {9237D59B-74DA-4797-9017-23DE4BE26B5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AEC349A2-DC88-4AED-84FC-D1410F8F1DAF} - System32\Tasks\{47FBE209-203B-460F-A314-787D18099A25} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {B800A32F-7021-4A27-99D8-FFB02519B170} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {BDA10174-0802-4421-9CC8-5614444F0D9A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {BF3F43CD-0BE9-45C3-A939-6B711E611D22} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0223D73-A3E7-461A-9158-749E119DED4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9FE5BBA-2BB3-4913-85BF-F2761AB48B23} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-6 -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FEAEE09D-2D7B-40EA-8667-F115307D6DCD} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-04 16:16 - 2014-03-05 00:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-05 23:25 - 2015-04-05 23:25 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-05-13 23:04 - 2015-05-13 23:04 - 02165760 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00105584 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 64643696 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2016-02-18 11:36 - 2016-02-18 11:36 - 00708096 _____ () C:\Windows\TEMP\is-I2IOR.tmp\hwmonitor_1.28.tmp
2016-02-18 11:36 - 2016-02-18 11:36 - 00307200 _____ () C:\Windows\TEMP\mrt388C.tmp\MMFS2.dll
2016-02-18 11:36 - 2016-02-18 11:36 - 00021504 _____ () C:\Windows\TEMP\mrt388C.tmp\Get.mfx
2016-02-18 11:36 - 2016-02-18 11:36 - 00059392 _____ () C:\Windows\TEMP\mrt388C.tmp\Yaso.mfx
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2016-02-11 12:37 - 2016-02-09 22:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-11 12:37 - 2016-02-09 22:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-11 12:37 - 2016-02-09 22:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:98181191
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{21021CB3-45A9-423C-8BAB-273D0BE738A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7D1A9A4A-1218-45C2-82AB-0451F4FCB4DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BF264930-8622-4513-9A34-653EC1BE5FE7}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{5108F449-32E3-48D3-BA56-BAF4C82D0B0A}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{DA0E9456-614C-45F3-8070-359FAD3100A1}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{458CD983-6742-4C3D-BC7E-CF6227BB9660}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{88B2B029-5EB0-4328-8994-0DE11F96BD7A}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{197BB573-F00E-4795-9D89-9F126AD90319}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{F6A96F04-CD17-4707-A829-D26B6709A87F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{544C051A-E85D-4145-B61E-F20BC3DEDC44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9A391ED-9FB7-4209-88A8-BF19277D6C1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D078554-9946-41B6-9E82-9362AB687A6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC4D5998-14C8-4797-BCA3-599FE6682AAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3CD450A-9FC0-418E-9B1D-4DCB527E3409}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{E922A4B1-227F-4FAC-A64E-83BA8596FDDB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30BF5BB7-49BF-49F7-883A-3815ADE14CBA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{29FC8CCF-1827-4815-9BDB-FEF2AA902E56}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{8BDB2D46-EE30-4E34-9215-2E68ADF4EE0D}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{19E1A624-E6BB-4169-9C44-18D1ED361A6E}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{73F8FD96-3C06-4CB3-B780-4FF573BFD367}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{C2A3ED28-7B72-4C47-AE77-157AA230A365}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{B62E30D2-1950-4C7C-B904-3ABDC7656221}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{9E024027-769F-4E12-AB2D-A8D3E2D6EB8B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{55450EB1-E302-40AD-89E6-411D0EE67408}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{475EA248-A2EF-4440-B855-2E9D6AAE3975}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{28146EC9-7073-4B79-8DB2-6CF31E62D7D4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{2EB4D2BB-DAF7-4790-9B82-EEB60F119A35}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{36E80BD7-3DBC-4B10-8F5D-2E3BBB55DDD1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{691558CA-A0BB-442A-B3E5-31FF6705AAFC}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{DC8BAA65-73D4-4CB2-8243-00C3A50F2900}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{98E105AB-7397-4802-8CC7-AA8026233F27}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{66800D63-4A39-479E-94F5-BC0D8E2BA590}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{02DED1BD-8549-4922-8877-3472D9908CA6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{389F3FD4-C4A0-43A3-B547-236EE7902A63}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5E05409D-2B79-4489-95A0-621E89DEBD2E}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{7E61F34A-4530-4F0B-9D46-9C085F5938EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-01-2016 16:40:05 Windows Update
02-02-2016 22:26:46 Windows Update
07-02-2016 11:44:02 Windows Update
11-02-2016 12:15:11 Windows Update
11-02-2016 20:56:43 Windows Update
16-02-2016 15:47:31 Device Driver Package Install: Elaborate Bytes AG Storage controllers
 
==================== Faulty Device Manager Devices =============
 
Name: Symantec Endpoint Protection Firewall
Description: Symantec Endpoint Protection Firewall
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Teefer3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/18/2016 11:37:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/18/2016 11:27:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 03:18:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: wsw262)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/17/2016 03:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 02:57:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 12:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 12:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 10:18:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 09:53:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 12:46:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/18/2016 12:36:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2016 12:06:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2016 11:36:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Teefer3
 
Error: (02/18/2016 11:36:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2016 11:36:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
Error: (02/18/2016 11:36:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
 
Error: (02/18/2016 11:36:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2016 11:36:09 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2016 11:27:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}
 
Error: (02/18/2016 11:26:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Teefer3
 
 
CodeIntegrity:
===================================
  Date: 2015-07-29 17:25:09.133
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.133
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.133
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.133
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.117
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.117
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.101
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.101
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.101
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.086
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8190.05 MB
Available physical RAM: 5690.49 MB
Total Virtual: 16378.32 MB
Available Virtual: 13788.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:92.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4507FCF3)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and welcome to Geeks to Go!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

I have also noticed in your log file that you are using the BitLord 2.4 P2P program. We at Geeks to Go recommend removing these types of programs; they are a known cause of malware infections. When you use file-sharing programs like this, you can never be sure of the file content, and you are put at a much greater risk of infection. I strongly recommend you remove this program before we begin our work.


I'll be with you as soon as possible so we can start the process.

#3
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Download the enclosed fixlist.txt (attached file, 6.6KB). Save it in the location where FRST64 is. Run FRST and click on the Fix button. Wait until it has finished.

The tool will make a log (Fixlog.txt) in the location where FRST is. Please post it in your reply.

Then re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.


#4
chrisdee

    New Member

  • Topic Starter
  • Member
  • 8 posts

Thanks Zep516, here are the logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Dad D (2016-02-19 09:50:55) Run:1
Running from C:\Users\Dad D\Desktop
Loaded Profiles: UpdatusUser & Dad D (Available Profiles: UpdatusUser & Dad D)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\MountPoints2: {0dab255d-d467-11e5-b03c-e0cb4ed67335} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => No File
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~2.dll => No File
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199717442-3386205327-3011415108-1008 -> {9AC709F8-DAF6-4754-B30B-0EB9F5B8B72F} URL = hxxp://www.guard-search.com/Results.aspx?gd=GB1000094&ctid=&octid=EB_ORIGINAL_CTID&ISID=E71395CF-65A4-4EED-9D93-422B3A01C9E9&SearchSource=58&CUI=SB_CUI&UM=8&UP=ED932CFA-F38E-4057-8ADF-930507335642&D=IN_DA&q={searchTerms}&SSPV=GB10A
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
S3 akshasp; \SystemRoot\system32\drivers\akshasp.sys [X]
S3 akshhl; \SystemRoot\system32\drivers\akshhl.sys [X]
S3 akspccard; \SystemRoot\system32\drivers\akspccard.sys [X]
S3 aksusb; \SystemRoot\system32\drivers\aksusb.sys [X]
S1 Teefer3; system32\DRIVERS\Teefer3.sys [X]
2016-02-16 15:26 - 2016-02-16 15:26 - 00000040 ___SH C:\ProgramData\.zreglib
2016-02-16 14:38 - 2016-02-17 01:39 - 00000000 ____D C:\Users\Dad D\AppData\Roaming\ElujpOjax
2016-02-16 14:39 - 2016-02-16 14:47 - 00000000 ____D C:\Users\Dad D\AppData\Local\TrailerTime
2016-02-16 14:39 - 2016-02-16 14:39 - 00000000 ____D C:\Program Files (x86)\RayDld
2016-02-16 14:38 - 2016-02-16 14:38 - 01203634 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2016-02-16 14:38 - 2016-02-16 14:38 - 00003338 _____ C:\Windows\System32\Tasks\Xegxi
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Windows\system32\kenz
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Users\Dad D\AppData\LocalLow\Company
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\Users\Dad D\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-16 14:38 - 2016-02-16 14:38 - 00000000 ____D C:\uninst
2014-11-19 16:00 - 2014-12-10 21:29 - 0000000 _____ () C:\Users\Dad D\AppData\Roaming\bitlord_log.txt
Optimizer Pro v3.2 (x32 Version:  - ) Hidden <==== ATTENTION
PC Cleaner v3.2 (x32 Version: 3.2 - PC Help Soft) Hidden
Task: {06E6A0FA-06D2-4632-883D-201B4889A438} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5187F243-6BE4-42FF-8FF7-F9BEED11DD26} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-7 -> No File <==== ATTENTION
Task: {7F61216C-5504-414A-A466-0D68B09933B1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B800A32F-7021-4A27-99D8-FFB02519B170} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {BF3F43CD-0BE9-45C3-A939-6B711E611D22} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F9FE5BBA-2BB3-4913-85BF-F2761AB48B23} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-6 -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FEAEE09D-2D7B-40EA-8667-F115307D6DCD} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.job => C:\Program Files (x86)\CinemaP-1.9cV02.05\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files (x86)\CinemaP-1.9cV02.05
AlternateDataStreams: C:\ProgramData\TEMP:98181191
FirewallRules: [{BF264930-8622-4513-9A34-653EC1BE5FE7}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{5108F449-32E3-48D3-BA56-BAF4C82D0B0A}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{DA0E9456-614C-45F3-8070-359FAD3100A1}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{458CD983-6742-4C3D-BC7E-CF6227BB9660}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{88B2B029-5EB0-4328-8994-0DE11F96BD7A}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{197BB573-F00E-4795-9D89-9F126AD90319}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION => restored successfully
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
"C:\Program Files (x86)\Lavasoft" => not found.
"HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dab255d-d467-11e5-b03c-e0cb4ed67335}" => key removed successfully
HKCR\CLSID\{0dab255d-d467-11e5-b03c-e0cb4ed67335} => key not found. 
"C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL" => Value data removed successfully.
"c:\progra~2\optimi~1\optpro~2.dll" => Value data removed successfully.
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}" => key removed successfully
HKCR\CLSID\{85A60A59-D3D8-468F-B598-FB4393789EF4} => key not found. 
"HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9AC709F8-DAF6-4754-B30B-0EB9F5B8B72F}" => key removed successfully
HKCR\CLSID\{9AC709F8-DAF6-4754-B30B-0EB9F5B8B72F} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
akshasp => service removed successfully
akshhl => service removed successfully
akspccard => service removed successfully
aksusb => service removed successfully
Teefer3 => service removed successfully
C:\ProgramData\.zreglib => moved successfully
C:\Users\Dad D\AppData\Roaming\ElujpOjax => moved successfully
C:\Users\Dad D\AppData\Local\TrailerTime => moved successfully
C:\Program Files (x86)\RayDld => moved successfully
C:\Windows\SysWOW64\lnsecsl.exe => moved successfully
C:\Windows\System32\Tasks\Xegxi => moved successfully
C:\Windows\system32\kenz => moved successfully
C:\Users\Dad D\AppData\LocalLow\Company => moved successfully
C:\Users\Dad D\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\uninst => moved successfully
C:\Users\Dad D\AppData\Roaming\bitlord_log.txt => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaner_is1\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06E6A0FA-06D2-4632-883D-201B4889A438}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E6A0FA-06D2-4632-883D-201B4889A438}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5187F243-6BE4-42FF-8FF7-F9BEED11DD26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5187F243-6BE4-42FF-8FF7-F9BEED11DD26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e20aa047-a2ab-4905-b64f-21f07483fa4f-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F61216C-5504-414A-A466-0D68B09933B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F61216C-5504-414A-A466-0D68B09933B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B800A32F-7021-4A27-99D8-FFB02519B170}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B800A32F-7021-4A27-99D8-FFB02519B170}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF3F43CD-0BE9-45C3-A939-6B711E611D22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF3F43CD-0BE9-45C3-A939-6B711E611D22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9FE5BBA-2BB3-4913-85BF-F2761AB48B23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9FE5BBA-2BB3-4913-85BF-F2761AB48B23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e20aa047-a2ab-4905-b64f-21f07483fa4f-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEAEE09D-2D7B-40EA-8667-F115307D6DCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEAEE09D-2D7B-40EA-8667-F115307D6DCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-10_user.job => moved successfully
C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-3.job => moved successfully
C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-6.job => moved successfully
C:\Windows\Tasks\e20aa047-a2ab-4905-b64f-21f07483fa4f-7.job => moved successfully
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully
"C:\Program Files (x86)\CinemaP-1.9cV02.05" => not found.
C:\ProgramData\TEMP => ":98181191" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF264930-8622-4513-9A34-653EC1BE5FE7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5108F449-32E3-48D3-BA56-BAF4C82D0B0A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA0E9456-614C-45F3-8070-359FAD3100A1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{458CD983-6742-4C3D-BC7E-CF6227BB9660} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88B2B029-5EB0-4328-8994-0DE11F96BD7A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{197BB573-F00E-4795-9D89-9F126AD90319} => value removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
Could not restore Hosts.
EmptyTemp: => 1.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:53:43 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Dad D (administrator) on WSW262 (19-02-2016 10:06:41)
Running from C:\Users\Dad D\Desktop
Loaded Profiles: Dad D (Available Profiles: UpdatusUser & Dad D)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\wmi64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2012-07-04] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll [2015-04-05] ()
Startup: C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{ABBCF719-9030-4214-A6FC-26F124D73A6F}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{ABBCF719-9030-4214-A6FC-26F124D73A6F}: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
 
Internet Explorer:
==================
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.theage.com.au/
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-16] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-07-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-16]
CHR Extension: (Google Sheets) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Skype) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR Profile: C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-16] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Adobe Licensing Console; %SystemRoot%\SysWOW64\lnsecsl.exe [X] <==== ATTENTION
S2 ihpmServer; "C:\Program Files (x86)\RayDld\ihpmServer.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-16] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-11-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-16] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 09:50 - 2016-02-19 09:53 - 00019160 _____ C:\Users\Dad D\Desktop\Fixlog.txt
2016-02-18 13:05 - 2016-02-18 13:05 - 00040491 _____ C:\Users\Dad D\Desktop\Addition.txt
2016-02-18 13:04 - 2016-02-19 10:06 - 00018404 _____ C:\Users\Dad D\Desktop\FRST.txt
2016-02-18 13:04 - 2016-02-19 10:06 - 00000000 ____D C:\FRST
2016-02-18 13:04 - 2016-02-18 13:00 - 02371072 _____ (Farbar) C:\Users\Dad D\Desktop\FRST64.exe
2016-02-18 11:26 - 2016-02-18 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-02-18 11:26 - 2016-02-18 11:26 - 00000000 ____D C:\Program Files\CPUID
2016-02-17 14:53 - 2016-02-17 14:54 - 00001648 _____ C:\Windows\SysWOW64\apply.reg
2016-02-17 13:16 - 2016-02-17 14:59 - 00003224 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2016-02-17 13:15 - 2016-02-17 13:15 - 00000000 ____D C:\ProgramData\GridinSoft
2016-02-17 13:07 - 2016-02-17 15:05 - 00002259 _____ C:\Users\Dad D\Desktop\Google Chrome.lnk
2016-02-17 12:41 - 2016-02-17 12:41 - 00954546 _____ C:\Users\Dad D\Downloads\download (1).htm
2016-02-16 15:48 - 2016-02-16 15:48 - 00000000 ____D C:\Program Files (x86)\Firewatch
2016-02-16 15:35 - 2016-02-17 13:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-02-16 15:25 - 2016-02-16 15:36 - 00000000 ____D C:\Program Files (x86)\SlySoft
2016-02-16 15:25 - 2016-02-16 15:25 - 00000000 ____D C:\ProgramData\SlySoft
2016-02-16 14:44 - 2016-02-16 14:44 - 00000000 _____ C:\Windows\SysWOW64\x64.txt
2016-02-16 14:38 - 2016-02-16 14:39 - 00000000 ____D C:\Users\Dad D\AppData\Local\Tempfolder
2016-02-16 14:37 - 2016-02-16 14:37 - 00000000 ____D C:\Users\Dad D\AppData\Roaming\DAEMON Tools Lite
2016-02-16 14:36 - 2016-02-16 14:36 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-02-16 12:12 - 2016-02-16 12:15 - 00000000 ____D C:\Users\Dad D\Desktop\Firewatch-CODEX
2016-02-16 12:10 - 2016-02-16 12:25 - 00000000 ____D C:\Users\Dad D\Desktop\Bone.Tomahawk.2015.BRRip.XviD.AC3-EVO
2016-02-11 12:39 - 2016-02-06 21:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 12:39 - 2016-02-06 21:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 12:39 - 2016-02-06 21:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 12:39 - 2016-02-06 21:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 12:39 - 2016-02-06 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 12:39 - 2016-02-06 21:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 12:39 - 2016-02-06 20:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 12:39 - 2016-02-06 20:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 12:39 - 2016-02-06 20:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 12:39 - 2016-02-06 20:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 12:39 - 2016-02-06 20:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 12:39 - 2016-02-06 20:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 12:39 - 2016-02-06 20:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 12:39 - 2016-02-06 19:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-11 12:39 - 2016-01-23 07:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-11 12:39 - 2016-01-23 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-11 12:39 - 2016-01-22 17:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-11 12:39 - 2016-01-22 17:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-11 12:39 - 2016-01-22 17:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 12:39 - 2016-01-22 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-11 12:39 - 2016-01-22 17:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 12:39 - 2016-01-22 17:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-11 12:39 - 2016-01-22 17:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-11 12:39 - 2016-01-22 17:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-11 12:39 - 2016-01-22 17:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 12:39 - 2016-01-22 17:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-11 12:39 - 2016-01-22 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 12:39 - 2016-01-22 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-11 12:39 - 2016-01-22 17:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-11 12:39 - 2016-01-22 17:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-11 12:39 - 2016-01-22 17:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-11 12:39 - 2016-01-22 17:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-11 12:39 - 2016-01-22 16:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-11 12:39 - 2016-01-22 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-11 12:39 - 2016-01-22 16:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-11 12:39 - 2016-01-22 16:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-11 12:39 - 2016-01-22 16:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-11 12:39 - 2016-01-22 16:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 12:39 - 2016-01-22 16:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 12:39 - 2016-01-22 16:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-11 12:39 - 2016-01-22 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-11 12:39 - 2016-01-22 16:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-11 12:39 - 2016-01-22 16:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-11 12:39 - 2016-01-22 16:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-11 12:39 - 2016-01-22 16:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-11 12:39 - 2016-01-22 16:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-11 12:39 - 2016-01-22 16:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-11 12:39 - 2016-01-22 16:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-11 12:39 - 2016-01-22 16:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-11 12:39 - 2016-01-22 16:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-11 12:39 - 2016-01-22 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-11 12:39 - 2016-01-22 16:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-11 12:39 - 2016-01-22 16:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-11 12:39 - 2016-01-22 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-11 12:38 - 2016-01-22 17:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 12:38 - 2016-01-22 17:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-11 12:38 - 2016-01-22 17:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 12:38 - 2016-01-22 17:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 12:38 - 2016-01-22 17:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-11 12:38 - 2016-01-22 17:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-11 12:38 - 2016-01-22 17:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 12:38 - 2016-01-22 16:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-11 12:38 - 2016-01-22 16:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-11 12:38 - 2016-01-22 16:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 12:17 - 2016-01-17 06:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-11 12:17 - 2016-01-17 05:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-11 12:17 - 2016-01-12 01:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-11 12:17 - 2016-01-07 06:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-11 12:17 - 2016-01-07 06:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-11 12:17 - 2016-01-07 05:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-11 12:16 - 2016-01-22 17:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-11 12:16 - 2016-01-22 17:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-11 12:16 - 2016-01-22 17:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-11 12:16 - 2016-01-22 17:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-11 12:16 - 2016-01-22 17:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-11 12:16 - 2016-01-22 17:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-11 12:16 - 2016-01-22 17:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-11 12:16 - 2016-01-22 17:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-11 12:16 - 2016-01-22 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 12:16 - 2016-01-22 17:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-11 12:16 - 2016-01-22 17:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-11 12:16 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-11 12:16 - 2016-01-22 17:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 17:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-11 12:16 - 2016-01-22 17:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-11 12:16 - 2016-01-22 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-11 12:16 - 2016-01-22 17:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-11 12:16 - 2016-01-22 17:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-11 12:16 - 2016-01-22 17:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-11 12:16 - 2016-01-22 17:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 16:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-11 12:16 - 2016-01-22 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-11 12:16 - 2016-01-22 16:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-11 12:16 - 2016-01-22 16:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-11 12:16 - 2016-01-22 16:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-11 12:16 - 2016-01-22 16:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-11 12:16 - 2016-01-22 15:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-11 12:16 - 2016-01-22 15:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-11 12:16 - 2016-01-22 15:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-11 12:16 - 2016-01-22 15:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-11 12:16 - 2016-01-22 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-11 12:16 - 2016-01-22 15:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-11 12:16 - 2016-01-22 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-11 12:16 - 2016-01-22 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 12:16 - 2016-01-22 15:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 12:16 - 2016-01-17 06:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-11 12:16 - 2016-01-17 05:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-11 12:16 - 2016-01-12 06:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-11 12:16 - 2016-01-12 05:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-11 12:16 - 2016-01-12 05:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-11 12:16 - 2016-01-12 05:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-11 12:16 - 2016-01-12 05:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-11 12:16 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-11 12:16 - 2016-01-12 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-11 12:16 - 2016-01-12 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-11 12:16 - 2016-01-12 05:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-11 12:16 - 2016-01-12 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-11 12:16 - 2016-01-08 04:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-11 12:16 - 2016-01-08 04:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-11 12:16 - 2015-12-21 05:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-11 12:16 - 2015-12-21 05:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-11 12:16 - 2015-12-21 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-02 22:49 - 2016-02-02 22:49 - 00148516 _____ C:\Users\Dad D\Downloads\QF_Boarding_Pass_4ZKLPE_03FEB.pdf
2016-02-02 22:36 - 2016-02-02 22:56 - 00000000 ____D C:\Users\Dad D\Desktop\Kate and Dan do Japan
2016-02-02 22:35 - 2016-02-02 22:35 - 00344747 _____ C:\Users\Dad D\Downloads\Certificate of Insurance.pdf
2016-02-02 22:33 - 2016-02-02 22:33 - 00146823 _____ C:\Users\Dad D\Downloads\QF_Boarding_Pass_4Z2ZY6_03FEB.pdf
2016-01-27 11:44 - 2016-01-28 17:00 - 00016380 _____ C:\Users\Dad D\Desktop\Expenditure by Month.xlsx
2016-01-26 11:41 - 2016-01-26 11:41 - 00167052 _____ C:\Users\Dad D\Downloads\download.htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 10:04 - 2015-09-01 15:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3.job
2016-02-19 10:04 - 2014-11-19 16:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-19 10:04 - 2012-07-04 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-19 10:04 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-19 09:53 - 2015-04-11 01:10 - 00000000 ____D C:\Users\Dad D\AppData\LocalLow\Temp
2016-02-19 09:40 - 2009-07-14 15:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-19 09:40 - 2009-07-14 15:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-19 09:36 - 2015-09-01 15:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67.job
2016-02-19 09:30 - 2009-07-14 16:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-19 09:30 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-02-19 09:26 - 2014-12-10 17:10 - 00000000 ____D C:\Users\Dad D\Documents\Outlook Files
2016-02-17 15:18 - 2015-11-04 18:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 15:13 - 2012-07-04 17:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-17 13:02 - 2014-12-10 18:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-16 16:10 - 2014-11-19 17:14 - 00000717 _____ C:\Windows\WININIT.INI
2016-02-16 16:08 - 2012-07-04 16:16 - 00000000 ____D C:\Users\UpdatusUser
2016-02-16 14:58 - 2014-11-19 16:00 - 00000000 ____D C:\Users\Dad D\Documents\BitLord
2016-02-16 14:51 - 2014-11-17 17:02 - 00001429 _____ C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-16 14:44 - 2012-07-04 16:39 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-02-16 14:41 - 2012-07-04 16:39 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-02-14 11:35 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2016-02-14 10:58 - 2014-11-17 17:02 - 00000000 ___RD C:\Users\Dad D\Virtual Machines
2016-02-14 10:56 - 2014-12-11 13:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-14 10:56 - 2014-11-28 12:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-14 10:56 - 2011-04-12 19:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-14 10:56 - 2009-07-14 15:45 - 00919104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 21:13 - 2014-04-22 14:50 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 21:04 - 2012-07-04 16:49 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 21:03 - 2009-07-14 13:34 - 00000580 _____ C:\Windows\win.ini
2016-02-02 22:31 - 2015-09-01 15:13 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67
2016-02-02 22:31 - 2015-09-01 15:13 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3
2016-01-26 18:01 - 2015-08-11 20:22 - 00000000 ____D C:\Users\Dad D\AppData\Local\Battle.net
2016-01-26 11:46 - 2015-08-11 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-01-26 11:31 - 2015-08-11 20:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2014-12-10 21:30 - 2014-12-10 21:30 - 0000218 _____ () C:\Users\Dad D\AppData\Local\recently-used.xbel
2012-07-06 13:38 - 2012-07-06 13:38 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-07-06 15:55 - 2012-07-06 15:55 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-04-23 12:15 - 2014-04-23 12:15 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 12:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Dad D (2016-02-19 10:07:00)
Running from C:\Users\Dad D\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-22 03:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3199717442-3386205327-3011415108-500 - Administrator - Disabled)
Dad D (S-1-5-21-3199717442-3386205327-3011415108-1008 - Administrator - Enabled) => C:\Users\Dad D
Guest (S-1-5-21-3199717442-3386205327-3011415108-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-3199717442-3386205327-3011415108-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Any Video Converter 5.8.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Revit Structure 2012 UR1 (HKLM\...\Autodesk Revit Structure 2012 UR1) (Version: 1 - Autodesk)
Autodesk Revit Structure 2013 UR1 (HKLM\...\Autodesk Revit Structure 2013 UR1) (Version: 1 - Autodesk)
Autodesk Revit Structure 2013 UR2 (HKLM\...\Autodesk Revit Structure 2013 UR2) (Version: 1 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.2-298 - House of Life)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Family Browser 2013 (Version: 13.22.13.1 - Kiwi Codes Solutions Ltd) Hidden
Family Browser 2014 (Version: 14.10.01.1 - Kiwi Codes Solutions Ltd) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hero Editor V0.80 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Logitech SetPoint 6.0 (HKLM\...\SP6) (Version: 6.00.68 - Logitech)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\...\MyFreeCodec) (Version:  - )
NavDesk 7.20 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.20) (Version: 7.20.0011.55 - Navman Technology NZ Limited)
NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PC Cleaner v3.2 (HKLM-x32\...\PC Cleaner_is1) (Version: 3.2 - PC Help Soft)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinSCP 4.3.6 (HKLM-x32\...\winscp3_is1) (Version: 4.3.6 - Martin Prikryl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1F318518-7628-4DEB-B378-BDF7004D6668} - System32\Tasks\{7941636A-1D04-4FE9-AA15-7FCFCED02768} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {32256008-631A-41AD-A0CC-75D4D24A88B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {33DF87EB-9BE4-47C4-9927-6D0A30528F2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
Task: {46FEF3AD-A7CB-4390-A2D7-DDA6DC1AFE5D} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {56F10CC2-001E-43F1-9AAD-7E7ACE544F15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5C7EBB49-B541-4B91-8972-73EB1EC809DA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-11] (AO Kaspersky Lab)
Task: {606DE769-2289-4422-B5FD-67491B07CFA9} - System32\Tasks\{050D74C6-294B-4D9E-A652-547B32CE03EC} => C:\Program Files (x86)\etax2015\etax2015.exe [2015-06-16] ()
Task: {6ECF3505-66A7-49CC-9B5A-CA3C34BAD7DB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {76465AA4-552B-473B-98F5-718794EA1355} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8228F2A8-7DD4-42B5-94D8-4A2B635BDBC1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {84EE130C-3984-4448-85FE-5E964BD89EC2} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8A28154A-5C0D-4E54-B478-FED54B1EAA94} - \Xegxi -> No File <==== ATTENTION
Task: {8AFFD189-6C3A-447A-BA63-B36CB601D70B} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-3 -> No File <==== ATTENTION
Task: {9237D59B-74DA-4797-9017-23DE4BE26B5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
Task: {AEC349A2-DC88-4AED-84FC-D1410F8F1DAF} - System32\Tasks\{47FBE209-203B-460F-A314-787D18099A25} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {BDA10174-0802-4421-9CC8-5614444F0D9A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D0223D73-A3E7-461A-9158-749E119DED4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-04 16:16 - 2014-03-05 00:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-05 23:25 - 2015-04-05 23:25 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-05-13 23:04 - 2015-05-13 23:04 - 02165760 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 00105584 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-07-04 16:18 - 2012-07-04 15:46 - 64643696 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{21021CB3-45A9-423C-8BAB-273D0BE738A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7D1A9A4A-1218-45C2-82AB-0451F4FCB4DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F6A96F04-CD17-4707-A829-D26B6709A87F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{544C051A-E85D-4145-B61E-F20BC3DEDC44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9A391ED-9FB7-4209-88A8-BF19277D6C1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D078554-9946-41B6-9E82-9362AB687A6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC4D5998-14C8-4797-BCA3-599FE6682AAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3CD450A-9FC0-418E-9B1D-4DCB527E3409}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{E922A4B1-227F-4FAC-A64E-83BA8596FDDB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30BF5BB7-49BF-49F7-883A-3815ADE14CBA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{29FC8CCF-1827-4815-9BDB-FEF2AA902E56}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{8BDB2D46-EE30-4E34-9215-2E68ADF4EE0D}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{19E1A624-E6BB-4169-9C44-18D1ED361A6E}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{73F8FD96-3C06-4CB3-B780-4FF573BFD367}] => (Allow) C:\AutoCAD2014\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{C2A3ED28-7B72-4C47-AE77-157AA230A365}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{B62E30D2-1950-4C7C-B904-3ABDC7656221}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{9E024027-769F-4E12-AB2D-A8D3E2D6EB8B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{55450EB1-E302-40AD-89E6-411D0EE67408}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{475EA248-A2EF-4440-B855-2E9D6AAE3975}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{28146EC9-7073-4B79-8DB2-6CF31E62D7D4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{2EB4D2BB-DAF7-4790-9B82-EEB60F119A35}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{36E80BD7-3DBC-4B10-8F5D-2E3BBB55DDD1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{691558CA-A0BB-442A-B3E5-31FF6705AAFC}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{DC8BAA65-73D4-4CB2-8243-00C3A50F2900}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{98E105AB-7397-4802-8CC7-AA8026233F27}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{66800D63-4A39-479E-94F5-BC0D8E2BA590}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{02DED1BD-8549-4922-8877-3472D9908CA6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{389F3FD4-C4A0-43A3-B547-236EE7902A63}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5E05409D-2B79-4489-95A0-621E89DEBD2E}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{7E61F34A-4530-4F0B-9D46-9C085F5938EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-02-2016 22:26:46 Windows Update
07-02-2016 11:44:02 Windows Update
11-02-2016 12:15:11 Windows Update
11-02-2016 20:56:43 Windows Update
16-02-2016 15:47:31 Device Driver Package Install: Elaborate Bytes AG Storage controllers
19-02-2016 09:50:56 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2016 10:06:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/19/2016 09:50:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c3d1160-09af-4473-bdb0-d147b5280adf}
 
Error: (02/18/2016 11:37:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/18/2016 11:27:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 03:18:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: wsw262)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/17/2016 03:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 02:57:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 12:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 12:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/17/2016 10:18:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/19/2016 10:04:52 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2016 10:04:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/19/2016 10:04:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%2
 
Error: (02/19/2016 09:51:26 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office  Source Engine service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/19/2016 09:50:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-07-29 17:25:09.133
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.117
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.101
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.101
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 17:25:09.086
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8190.05 MB
Available physical RAM: 6664.62 MB
Total Virtual: 16378.32 MB
Available Virtual: 14665.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:95.64 GB) NTFS
Drive d: (FLASH DRIVE) (Removable) (Total:7.2 GB) (Free:4.61 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4507FCF3)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

First

Please remove these programs from your Programs and Features list: Start > Control Panel > Programs and Features. In the list, find the programs listed below and uninstall them.
  • Optimizer Pro v3.2
  • PC Cleaner v3.2

If a program will not remove, skip it and keep following the instructions please.

Next, a few leftovers to fix with FRST.

Download the enclosed fixlist.txt (attached file). Save it in the location where FRST64 is. Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location where FRST is (Fixlog.txt). Please post it in your reply.

Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware.
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box, type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Post that saved log in your next reply.

Next, 2 adware scans.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt in your reply.

In your next reply post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt log
  • The JRT.txt log
  • Malwarebytes log

Thanks
Joe :)

#6
chrisdee

    New Member

  • Topic Starter
  • Member
  • 8 posts

All done, thanks again Joe.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Dad D (2016-02-19 10:53:29) Run:2
Running from C:\Users\Dad D\Desktop
Loaded Profiles: UpdatusUser & Dad D (Available Profiles: UpdatusUser & Dad D)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
S2 Adobe Licensing Console; %SystemRoot%\SysWOW64\lnsecsl.exe [X] <==== ATTENTION
S2 ihpmServer; "C:\Program Files (x86)\RayDld\ihpmServer.exe" [X]
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
Task: {8A28154A-5C0D-4E54-B478-FED54B1EAA94} - \Xegxi -> No File <==== ATTENTION
Task: {8AFFD189-6C3A-447A-BA63-B36CB601D70B} - \e20aa047-a2ab-4905-b64f-21f07483fa4f-3 -> No File <==== ATTENTION
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
Adobe Licensing Console => service removed successfully
ihpmServer => service removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A28154A-5C0D-4E54-B478-FED54B1EAA94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A28154A-5C0D-4E54-B478-FED54B1EAA94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xegxi" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AFFD189-6C3A-447A-BA63-B36CB601D70B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AFFD189-6C3A-447A-BA63-B36CB601D70B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e20aa047-a2ab-4905-b64f-21f07483fa4f-3" => key removed successfully
EmptyTemp: => 4.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:54:08 ====
 
# AdwCleaner v5.035 - Logfile created 19/02/2016 at 11:22:04
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Dad D - WSW262
# Running from : C:\Users\Dad D\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\BitLord
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder Deleted : C:\Users\Dad D\AppData\Local\BitLord
[-] Folder Deleted : C:\Users\Dad D\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Dad D\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Dad D\AppData\Roaming\BitLord
[-] Folder Deleted : C:\Users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[-] Folder Deleted : C:\Users\Dad D\Documents\BitLord
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\Bitberry Software
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\StormWatchApp
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\data
[!] Key Not Deleted : HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Bitberry
[!] Key Not Deleted : HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Bitberry Software
[!] Key Not Deleted : HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\GlobalUpdate
[!] Key Not Deleted : HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Myfree Codec
[!] Key Not Deleted : HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\motitags.dl.tb.ask.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7670 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x64 
Ran by Dad D (Administrator) on Fri 19/02/2016 at 11:29:20.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Successfully deleted: C:\Windows\SysWOW64\x64.txt (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JVEPWF9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBAL8LU5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L33BAB4L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJQ930CB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JVEPWF9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBAL8LU5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L33BAB4L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJQ930CB (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 19/02/2016 at 11:31:32.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/02/2016
Scan Time: 11:03 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.18.05
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dad D
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454635
Time Elapsed: 5 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 197
 
Registry Values: 12
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [2508d2908d0cbb7bff3bae24808312ee]
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD|dir, C:\Program Files (x86)\RayDld, Quarantined, [b776471bc9d0d264174e629c40c27789]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{12DDF6F8-5BB4-4C46-8237-34A6C589173E}|Name, C:\Program Files\groover160220160532\Meafmi.exe, Quarantined, [0f1e59095f3ae74f7fae22afe41f9967]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{12DDF6F8-5BB4-4C46-8237-34A6C589173E}|Name, C:\Program Files\groover160220160532\Meafmi.exe, Quarantined, [002d6bf7dbbe280e2d001eb3fb08629e]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{12DDF6F8-5BB4-4C46-8237-34A6C589173E}|Name, C:\Program Files\groover160220160532\Meafmi.exe, Quarantined, [1f0eb2b01f7abb7b70bd14bd6f9416ea]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-3199717442-3386205327-3011415108-1002\SOFTWARE\{12DDF6F8-5BB4-4C46-8237-34A6C589173E}|Name, C:\Program Files\groover160220160532\Meafmi.exe, Quarantined, [9598fc662a6fde587eaf28a97c8718e8]
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [3bf2c999a5f43303e35acb1f0ef525db]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\OB|monitype19, 3/25/15 17:25:36, Quarantined, [31fc2b3733660234002fa358956e1ce4]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\OB|monitype20, 3/25/15 17:25:36, Quarantined, [bb728ad8980190a62d029a6132d12fd1]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\OB|monitype38, 3/25/15 17:25:36, Quarantined, [3df088da4d4c092dfa3599625aa9847c]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\OB|monitype12, 3/25/15 17:26:31, Quarantined, [08257ce6ecad65d10c23f00b58ab3bc5]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-3199717442-3386205327-3011415108-1008\SOFTWARE\{12DDF6F8-5BB4-4C46-8237-34A6C589173E}|Name, C:\Program Files\groover160220160532\Meafmi.exe, Quarantined, [210cc39f722766d07fae6a670df6728e]
 
Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[9598e87a9405f2445aea2ac51ce8bd43]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ABBCF719-9030-4214-A6FC-26F124D73A6F}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[ab82c79b9504a78f97ad846b35cf02fe]
 
Folders: 11
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\Offline\{2D20721A-49E2-4C5C-AE16-19959A8CB776}, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.StormWatch, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch, Quarantined, [7ab39dc52277d264699cfcec13ef728e], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Queue, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
 
Files: 12
Trojan.SathurBot, C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll, Delete-on-Reboot, [be6f2939c8d10c2a15b6911ec0426f91], 
Trojan.SathurBot, C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll, Delete-on-Reboot, [db521949b8e149ed505a01ee30d16a96], 
PUP.Optional.TweakBit, C:\Users\Dad D\Downloads\fix-my-pc-setup (1).exe, Quarantined, [be6fd191f2a711252ed401080afb6e92], 
PUP.Optional.TweakBit, C:\Users\Dad D\Downloads\fix-my-pc-setup.exe, Quarantined, [fb3286dc405956e0dc26a960d1347987], 
PUP.Optional.GlobalUpdate, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [b578fa683663e94dba15cff5f111b050], 
PUP.Optional.StormWatch, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch\StormWatchSrv.dat, Quarantined, [7ab39dc52277d264699cfcec13ef728e], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
PUP.Optional.TweakBit, C:\ProgramData\TweakBit\FixMyPC\1.x\Queue\Queue-Report.rpq, Quarantined, [f03d4121b5e479bded0f2abf0ef4f10f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Better run Combofix with so much being found,

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.


Please post the Log from Combofix

#8
chrisdee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 16-02-15.01 - Dad D 19/02/2016  11:48:55.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8190.6285 [GMT 11:00]
Running from: c:\users\Dad D\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-19 to 2016-02-19  )))))))))))))))))))))))))))))))
.
.
2016-02-19 00:55 . 2016-02-19 00:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-02-19 00:55 . 2016-02-19 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-19 00:55 . 2016-02-19 00:55 -------- d-----w- c:\users\Admin\AppData\Local\temp
2016-02-19 00:16 . 2016-02-19 00:22 -------- d-----w- C:\AdwCleaner
2016-02-19 00:01 . 2016-02-19 00:23 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-19 00:01 . 2016-02-19 00:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-19 00:01 . 2016-02-19 00:01 -------- d-----w- c:\programdata\Malwarebytes
2016-02-19 00:01 . 2015-10-04 22:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-19 00:01 . 2015-10-04 22:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-19 00:01 . 2015-10-04 22:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-18 02:04 . 2016-02-18 23:56 -------- d-----w- C:\FRST
2016-02-18 00:26 . 2016-02-18 00:26 -------- d-----w- c:\program files\CPUID
2016-02-17 03:53 . 2016-02-17 03:54 1648 ----a-w- c:\windows\SysWow64\apply.reg
2016-02-17 02:15 . 2016-02-17 02:15 -------- d-----w- c:\programdata\GridinSoft
2016-02-16 04:48 . 2016-02-16 04:48 -------- d-----w- c:\program files (x86)\Firewatch
2016-02-16 04:35 . 2016-02-17 02:02 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2016-02-16 04:25 . 2016-02-16 04:36 -------- d-----w- c:\program files (x86)\SlySoft
2016-02-16 04:25 . 2016-02-16 04:25 -------- d-----w- c:\programdata\SlySoft
2016-02-16 03:38 . 2016-02-16 03:39 -------- d-----w- c:\users\Dad D\AppData\Local\Tempfolder
2016-02-16 03:37 . 2016-02-16 03:37 -------- d-----w- c:\users\Dad D\AppData\Roaming\DAEMON Tools Lite
2016-02-16 03:36 . 2016-02-16 03:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2016-02-14 00:04 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AA9A5BD-08D2-42FA-81FD-92B031371089}\mpengine.dll
2016-02-11 01:38 . 2016-01-22 06:29 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-02-11 01:17 . 2016-01-06 19:06 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-02-11 01:16 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-16 03:41 . 2012-07-04 05:39 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-02-11 10:04 . 2012-07-04 05:49 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-01-22 05:59 . 2016-02-11 01:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-17 22:01 . 2015-11-18 00:17 2444576 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-09 11:39 . 2015-12-09 11:39 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-08 21:54 . 2016-01-12 23:04 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-12 23:04 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-12 23:04 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-12 23:04 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-12 23:04 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-12 23:04 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-12 23:04 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-12 23:04 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-12 23:04 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-12 23:04 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-12 23:04 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-12 23:04 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-12 23:04 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-12 23:04 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-12 23:04 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-12 23:04 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-12 23:04 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-12 23:04 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-12 23:04 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-12 23:04 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-12 23:04 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-12 23:04 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-12 23:04 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-12 23:04 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-12 23:04 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-12 23:04 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-12 23:04 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-12 23:04 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-12 23:04 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-12 23:03 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-12 23:04 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-12 23:04 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-12 23:04 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2016-01-12 23:04 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-12 23:04 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-12 23:04 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-12 23:04 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-12 23:04 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-12 23:04 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-12 23:04 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-12 23:04 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-12 23:04 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-12 23:04 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-12 23:04 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-12 23:04 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-12 23:04 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-12 23:04 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-12 23:04 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-12 23:04 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-12 23:04 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-12 23:04 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-12 23:03 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-12 23:04 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-12 23:04 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-12 23:04 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-12 23:04 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-12 23:04 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-12 23:04 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-12 23:04 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-12 23:04 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-12 23:04 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-12-02 02:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-01 08:34 . 2015-11-16 06:51 940928 ----a-w- c:\windows\system32\drivers\klif.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-04 2472048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-04-28 311616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Dad D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2015-10-13 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3706235283-1535132436-712934397-1241\Scripts\Logoff\0\0]
"Script"=ae_scan.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3706235283-1535132436-712934397-1241\Scripts\Logon\0\0]
"Script"=logon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3706235283-1535132436-712934397-500\Scripts\Logoff\0\0]
"Script"=ae_scan.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3706235283-1535132436-712934397-500\Scripts\Logon\0\0]
"Script"=logon.vbs
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.Sys;c:\windows\SYSNATIVE\drivers\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.Sys;c:\windows\SYSNATIVE\drivers\LHidEqd.Sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vssbrigde64;vssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-18 23:37 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 04:52]
.
2015-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 04:13]
.
2016-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e46c9198cde3.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 04:13]
.
2015-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 04:13]
.
2016-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e46c91b55e67.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23 04:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.theage.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} - (no file)
AddRemove-BitLord - c:\program files (x86)\BitLord\Bitlord-uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3199717442-3386205327-3011415108-1008_Classes\Wow6432Node\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-19  12:05:03
ComboFix-quarantined-files.txt  2016-02-19 01:05
.
Pre-Run: 104,221,638,656 bytes free
Post-Run: 104,605,298,688 bytes free
.
- - End Of File - - C305F529AA3DCF44655B3D6DF8375EFA
A36C5E4F47E84449FF07ED3517B43A31


#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Next

Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/
Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.
  • on Windows Vista, 7, 8 and 10, right-click Zoek.exe and select: Run as Administrator. Give it a few seconds to appear.
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

    Next

    Better reset browsers again, see below;
    http://www.howtogeek...fault-settings/

    Next: This scan may take a long time; when you're done at the computer tonight, start the scan.
    ESET Online Scanner
    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
    • Please go >>HERE<< then click on: ESET1st.jpg
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: EOLS3.gif
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    • Now click on: EOLS4.gif
      (Selecting Uninstall application on close if you so wish)
  • NOTE: In some instances if no malware is found there will be no log produced.




#10
chrisdee


    New Member

  • Topic Starter
  • Member
  • 8 posts

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Dad D on Fri 19/02/2016 at 12:16:32.49.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dad D\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19/02/2016 12:17:17 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AppName deleted successfully
C:\PROGRA~2\Elaborate Bytes deleted successfully
C:\PROGRA~2\SlySoft deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\Program Files\Google deleted successfully
C:\Users\Dad D\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Dad D\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Dad D\AppData\Roaming\uTorrent deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\Dad D\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Dad D\AppData\Local\EmieSiteList deleted successfully
C:\Users\Dad D\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AppName not found
C:\PROGRA~2\Elaborate Bytes not found
C:\PROGRA~2\SlySoft not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox" [01/12/2015 07:34 PM]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eahebamiopdhefndnmappcihfajigkka - https://chrome.googl...mappcihfajigkka[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12/10/2015 09:31 AM]

Skype - Dad D\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.theage.com.au/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.theage.com.au/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IE8SRC

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dad D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Dad D\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=3 2842 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\temp emptied successfully
C:\Users\Dad D\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\mshaban\AppData\Local\temp emptied successfully
C:\Users\peter\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DADD~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Fri 19/02/2016 at 12:38:23.72 ======================

 

The ESET scan didn't produce a log but it did compile this list of threats.

 

C:\AdwCleaner\Quarantine\C\Windows\SysNative\LavasoftTcpService64.dll.vir a variant of Win64/Packed.Komodia.A suspicious application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\lavasofttcpservice.dll.vir a variant of Win32/Packed.Komodia.A suspicious application
C:\FRST\Quarantine\C\Program Files (x86)\RayDld\ihpmServer.exe a variant of Win32/ELEX.FZ potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\RayDld\Raydld.exe a variant of Win32/ELEX.GJ potentially unwanted application
C:\FRST\Quarantine\C\Users\Dad D\AppData\Local\TrailerTime\Cache\1eae0b41bb45170d_0 HTML/Refresh.BC trojan
C:\FRST\Quarantine\C\Users\Dad D\AppData\Local\TrailerTime\Cache\790b8fb91b552803_0 HTML/FakeAlert.BK trojan
C:\ProgramData\Microsoft\Security\Client\SecurityCache\31638e7c368ed8fe588ee98852621b94 a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\5e75f71a9582a18eb95abf5b0d3401ba a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\a6067fb5b9f79ffe3462e8490458020c a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\047cb87f7732f4bdc021d818be1deaf9\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\09d0c175d10c95b656c22afca935b0ff\Appnimi ZIP Password Unlocker.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\11e6f018c99bb34ec7f93e781450feaa\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\1a893054ad30d839c2b92976d07801f7\Multilizer PDF Translator.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\1bed3be69dd61893beaa25bbaeb87933\PDFIn PDF to DWG Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\26f0bf3b0271f5cd4dd21bdc08b78b6b\AVG Internet Security.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\2d0ef40ca9e4d12e528b1a094368dc03\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\3c018748181a5fc2b42c8c274df8f887\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\409c81a9f0f15534feaae83e86165539\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\43407641eaccce3ac6071da523dd528e\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\51b0f66e096545a577181dcb1356024b\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\56544066001d76a0686b18bd18486d50\Windows 8.1 Loader.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\5cb70b94b9feca71c1a65619f291bdcd\Windows XP Embedded with SP2.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\5d602d76803e396bf43bf040c38ca8ec\Xara Designer Pro X.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\6480e87d46182e1be7125b381ac8130d\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\77031d30cb8704f8ff98af23c708443c\PC Doc Pro (formerly PC Doctor Pro).exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\8e29e0475ff3eaf3172fef9096954b60\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\9a79233c53d2aca2cb5b8d840c8a760b\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\ab0f0dad7271c9f1b8ae0144b4fc0cd6\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\b895dc68d961236f28fcf2eedaf37325\Arial Audio Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\b9aea6e6cdec73bd22fa453dfac04fc0\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\bc0b5b2f295efee5ab1ffc88aa3752b5\Recovery Toolbox for Excel.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\be2e1ba155abd68be0d6270488058299\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\be4e1c2fb2151b56e5a518d8d5bb8cde\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\c6d2996a148ee164ef0b722069be80d3\[email protected] Boot Disk.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\c8546c2f8f5c499356d4c2f9866d6b45\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\dbc07056776bbda3722282e649b46702\Xpadder.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\dd94dac8e44f996ab28ff33b71df1c04\Xilisoft Audio Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\eb453aacb4110db34f6b5b55b3f1f872\Allok MPEG4 Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\f395e1e8914e6cd2ea3e9ceb9b719f71\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\ProgramData\Microsoft\Security\Client\SecurityCache\data\ff15b77949fade12f15529bb6e8249a0\StationPlaylist Studio.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\31638e7c368ed8fe588ee98852621b94 a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\5e75f71a9582a18eb95abf5b0d3401ba a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\a6067fb5b9f79ffe3462e8490458020c a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\047cb87f7732f4bdc021d818be1deaf9\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\09d0c175d10c95b656c22afca935b0ff\Appnimi ZIP Password Unlocker.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\11e6f018c99bb34ec7f93e781450feaa\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\1a893054ad30d839c2b92976d07801f7\Multilizer PDF Translator.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\1bed3be69dd61893beaa25bbaeb87933\PDFIn PDF to DWG Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\26f0bf3b0271f5cd4dd21bdc08b78b6b\AVG Internet Security.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\2d0ef40ca9e4d12e528b1a094368dc03\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\3c018748181a5fc2b42c8c274df8f887\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\409c81a9f0f15534feaae83e86165539\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\43407641eaccce3ac6071da523dd528e\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\51b0f66e096545a577181dcb1356024b\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\56544066001d76a0686b18bd18486d50\Windows 8.1 Loader.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\5cb70b94b9feca71c1a65619f291bdcd\Windows XP Embedded with SP2.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\5d602d76803e396bf43bf040c38ca8ec\Xara Designer Pro X.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\6480e87d46182e1be7125b381ac8130d\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\77031d30cb8704f8ff98af23c708443c\PC Doc Pro (formerly PC Doctor Pro).exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\8e29e0475ff3eaf3172fef9096954b60\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\9a79233c53d2aca2cb5b8d840c8a760b\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\ab0f0dad7271c9f1b8ae0144b4fc0cd6\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\b895dc68d961236f28fcf2eedaf37325\Arial Audio Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\b9aea6e6cdec73bd22fa453dfac04fc0\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\bc0b5b2f295efee5ab1ffc88aa3752b5\Recovery Toolbox for Excel.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\be2e1ba155abd68be0d6270488058299\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\be4e1c2fb2151b56e5a518d8d5bb8cde\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\c6d2996a148ee164ef0b722069be80d3\[email protected] Boot Disk.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\c8546c2f8f5c499356d4c2f9866d6b45\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\dbc07056776bbda3722282e649b46702\Xpadder.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\dd94dac8e44f996ab28ff33b71df1c04\Xilisoft Audio Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\eb453aacb4110db34f6b5b55b3f1f872\Allok MPEG4 Converter.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\f395e1e8914e6cd2ea3e9ceb9b719f71\Lite x264 Codec Pack.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\All Users\Microsoft\Security\Client\SecurityCache\data\ff15b77949fade12f15529bb6e8249a0\StationPlaylist Studio.exe a variant of Win32/Packed.NSISmod.B suspicious application
C:\Users\Dad D\Downloads\avc-free.exe a variant of Win32/OpenCandy.A potentially unsafe application
 




#11
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

How is the computer now? What browser is causing issues, if any?

#12
chrisdee


    New Member

  • Topic Starter
  • Member
  • 8 posts

The browser issue seems to be resolved. Dare I hope.....?



#13
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

A few things to do and I will leave the topic open a few days.

Download the enclosed fixlist.txt file (attached, 86 bytes). Save it in the location where FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

Next

Uninstall Combofix
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

    Next

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    Why we need to remove some of our tools:
    Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

    Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


#14
chrisdee


    New Member

  • Topic Starter
  • Member
  • 8 posts

Slight problem, I ran the delfix program before copying the fixlog and it got deleted!

 

# DelFix v1.011 - Logfile created 20/02/2016 at 11:11:18
# Updated 18/08/2015 by Xplode
# Username : Dad D - WSW262
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Dad D\Desktop\adwcleaner_5.035.exe
Deleted : C:\Users\Dad D\Desktop\Fixlog.txt
Deleted : C:\Users\Dad D\Desktop\FRST64.exe
Deleted : C:\Users\Dad D\Desktop\JRT.txt
Deleted : C:\Users\Dad D\Desktop\zoek-results.log
Deleted : C:\Users\Dad D\Desktop\zoek.exe
Deleted : C:\Users\Dad D\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\Swearware
 
~ Cleaning system restore ...
 
Deleted : RP #255 [ComboFix created restore point | 02/20/2016 00:10:11]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#15
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts

Slight problem, I ran the delfix program before copying the fixlog and it got deleted!


Do it this way

delete files
  • Copy all text in the quote box (below)...to Notepad.

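    @echo off
    rem Remove the folder holding the flagged SecurityCache files, with all subfolders, without prompting
    rd /s /q "C:\ProgramData\Microsoft\Security\"
    rem Delete this batch file once it has run
    del %0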

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
