This topic is locked
I have a system that seems to be running alright, but I know the EU may have gotten roped into one of those "remote support" scams. He called some number and needed a "Cisco level 11 anti-hacking specialist" to remote in, but he's not sure if he ever let the guy in. So I ran a FRST check just to be safe. May I have some help looking at them? I've attached the FRST and Addition logs.
EDIT: By the way, I've already undone the immunization and uninstalled Spybot S&D.
======================================
======================================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Administrator (administrator) on WINDOWS-J3FVPIM (26-04-2016 12:38:21)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_system_customer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_customer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_host_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_medium_customer.exe
(Farbar) C:\Users\Administrator\Desktop\frst.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [3106936 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [BingSvc] => C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-04] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-25] (Lavasoft)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2016-04-26]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A41BE4A-9FAC-4030-9C3D-D5EA360F81B9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> DefaultScope {9514D0B2-F57E-41D0-B422-751E5B2136C5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {6EA2C39B-F705-4703-B5E6-05B81E5DFAFB} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {9514D0B2-F57E-41D0-B422-751E5B2136C5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @citrixonline.com/appdetectorplugin -> C:\Users\Administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\searchplugins\bing-lavasoft.xml [2016-04-25]
FF Extension: Bing Search - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\Extensions\[email protected] [2016-02-04]
FF Extension: Generous Deal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\Extensions\{81d89d30-981c-4cc9-8717-ec03edd19746}.xpi [2016-04-25] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-02-18]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Call of Duty Black Ops 3) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkjbkgacgmdjnihnkpnkhadjfpjcaleg [2016-03-19]
CHR HKU\S-1-5-21-3102950768-1916709398-1516765199-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe [610528 2016-04-26] (Citrix Systems, Inc.)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-25] (Lavasoft Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [907384 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\ADMINI~1\AppData\Local\Temp\7zS31D1\hpslpsvc64.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2015-12-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-01] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-05-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [368720 2016-02-01] (360.cn)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-12-05] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2015-12-10] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-26 12:38 - 2016-04-26 12:39 - 00018987 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-04-26 12:36 - 2016-04-26 12:38 - 00000000 ____D C:\FRST
2016-04-26 12:35 - 2016-04-26 11:21 - 02376192 _____ (Farbar) C:\Users\Administrator\Desktop\frst.exe
2016-04-26 12:31 - 2016-04-26 12:31 - 00001584 _____ C:\Users\Administrator\Desktop\GoToAssist Customer.lnk
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-25 12:45 - 2016-04-25 12:45 - 00269128 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-25 10:44 - 2016-04-25 10:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-25 10:44 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-25 10:37 - 2016-04-25 12:52 - 00001399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-25 10:37 - 2016-04-25 12:52 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-25 10:37 - 2016-04-25 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-25 10:37 - 2016-04-25 10:37 - 00058816 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-25 10:37 - 2016-04-25 10:37 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-04-25 10:36 - 2016-04-25 12:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-25 10:36 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\windows\system32\sdnclean64.exe
2016-04-25 10:35 - 2016-04-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-25 10:34 - 2016-04-25 10:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-04-19 13:22 - 2016-04-26 12:22 - 00001126 _____ C:\Users\Administrator\Desktop\nativelog.txt
2016-04-19 13:22 - 2016-04-19 13:23 - 00000000 ____D C:\Users\Administrator\Desktop\game
2016-04-19 13:22 - 2016-04-19 13:22 - 00000000 ____D C:\Users\Administrator\Desktop\runtime
2016-04-19 12:30 - 2016-04-25 10:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-04-19 11:36 - 2016-04-19 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Applet
2016-04-18 21:42 - 2016-04-18 21:42 - 01247112 _____ (Mojang) C:\Users\Administrator\Desktop\Minecraft (10).exe
2016-04-18 21:42 - 2016-04-18 21:42 - 00000000 ____D C:\Users\Administrator\Downloads\tools
2016-04-18 18:25 - 2016-04-18 18:26 - 02314240 _____ C:\Users\Administrator\Downloads\MinecraftInstaller.msi
2016-04-15 03:09 - 2016-03-31 14:25 - 00394952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-15 03:09 - 2016-03-31 13:41 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-15 03:09 - 2016-03-30 19:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-15 03:09 - 2016-03-30 19:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-04-15 03:09 - 2016-03-30 19:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-04-15 03:09 - 2016-03-30 19:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-15 03:09 - 2016-03-30 19:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-15 03:09 - 2016-03-30 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-04-15 03:09 - 2016-03-30 19:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-04-15 03:09 - 2016-03-30 19:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-04-15 03:09 - 2016-03-30 19:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-04-15 03:09 - 2016-03-30 19:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-15 03:09 - 2016-03-30 19:22 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-04-15 03:09 - 2016-03-30 19:21 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-04-15 03:09 - 2016-03-30 19:19 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-04-15 03:09 - 2016-03-30 19:17 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-04-15 03:09 - 2016-03-30 19:11 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-04-15 03:09 - 2016-03-30 19:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-04-15 03:09 - 2016-03-30 19:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-15 03:09 - 2016-03-30 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-04-15 03:09 - 2016-03-30 19:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 03:09 - 2016-03-30 18:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-04-15 03:09 - 2016-03-30 18:57 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-04-15 03:09 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-15 03:09 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-15 03:09 - 2016-03-30 18:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-15 03:09 - 2016-03-30 18:53 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-04-15 03:09 - 2016-03-30 18:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-04-15 03:09 - 2016-03-30 18:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-15 03:09 - 2016-03-30 18:48 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-04-15 03:09 - 2016-03-30 18:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-04-15 03:09 - 2016-03-30 18:46 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-04-15 03:09 - 2016-03-30 18:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-15 03:09 - 2016-03-30 18:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-15 03:09 - 2016-03-30 18:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-15 03:09 - 2016-03-30 18:42 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-04-15 03:09 - 2016-03-30 18:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-15 03:09 - 2016-03-30 18:38 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-04-15 03:09 - 2016-03-30 18:34 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-15 03:09 - 2016-03-30 18:33 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-04-15 03:09 - 2016-03-30 18:31 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-04-15 03:09 - 2016-03-30 18:31 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-15 03:09 - 2016-03-30 18:29 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-04-15 03:09 - 2016-03-30 18:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-15 03:09 - 2016-03-30 18:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-15 03:09 - 2016-03-30 18:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-15 03:09 - 2016-03-30 18:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-04-15 03:09 - 2016-03-30 18:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-15 03:09 - 2016-03-30 18:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-15 03:09 - 2016-03-30 18:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-15 03:09 - 2016-03-30 18:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-15 03:09 - 2016-03-30 18:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-15 03:09 - 2016-03-30 18:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 10:06 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-13 10:06 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-13 10:06 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-13 10:06 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-13 10:06 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-04-13 10:06 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-13 10:06 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-13 10:06 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-04-13 10:06 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 10:06 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-04-13 10:06 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-04-13 10:06 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-04-13 10:06 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-04-13 10:06 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-04-13 10:06 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-04-13 10:06 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-04-13 10:06 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-04-13 10:06 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-04-13 10:06 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-04-13 10:06 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-13 10:06 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-04-13 10:06 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 10:06 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 10:06 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 10:06 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-04-13 10:06 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-04-13 10:06 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-04-13 10:06 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:06 - 2016-03-16 13:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-13 10:06 - 2016-03-16 13:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-13 10:06 - 2016-03-16 13:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-13 10:06 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 10:06 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-04-13 10:06 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 10:06 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-04-13 10:05 - 2016-04-04 13:14 - 00038120 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 10:05 - 2016-04-04 13:02 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 10:05 - 2016-04-02 08:08 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 10:05 - 2016-03-23 09:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 10:05 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 10:05 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 10:05 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 10:05 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-04-13 10:05 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-03-30 23:30 - 2016-03-30 23:30 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2016-03-30 23:30 - 2016-03-30 23:30 - 00000000 ____D C:\ProgramData\AlawarWrapper
2016-03-30 13:28 - 2016-03-30 13:28 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-30 13:28 - 2016-03-30 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-30 13:27 - 2016-03-30 13:28 - 00000000 ____D C:\Program Files\iTunes
2016-03-30 13:27 - 2016-03-30 13:27 - 00000000 ____D C:\Program Files\iPod
2016-03-30 13:27 - 2016-03-30 13:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-30 13:26 - 2016-03-30 13:26 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-03-30 13:26 - 2016-03-30 13:26 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-30 13:25 - 2016-03-30 13:25 - 00000000 ____D C:\Program Files\Bonjour
2016-03-30 13:25 - 2016-03-30 13:25 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-30 13:23 - 2016-03-30 13:23 - 169713992 _____ (Apple Inc.) C:\Users\Administrator\Downloads\iTunes6464Setup (1).exe
2016-03-29 19:24 - 2016-03-29 19:24 - 00006774 _____ C:\Users\Administrator\Documents\cc_20160329_192410.reg
2016-03-29 13:25 - 2016-04-25 11:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-29 13:24 - 2016-03-29 13:24 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-29 13:24 - 2016-03-29 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-29 13:24 - 2016-03-29 13:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-29 13:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-03-29 13:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-03-29 13:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-03-29 13:20 - 2016-03-29 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-29 13:20 - 2016-03-29 13:20 - 00000000 ____D C:\Program Files\7-Zip
2016-03-29 13:19 - 2016-03-29 13:20 - 00057356 _____ C:\Users\Administrator\Documents\cc_20160329_131942.reg
2016-03-29 13:18 - 2016-03-29 13:18 - 00002820 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-03-29 13:18 - 2016-03-29 13:18 - 00000983 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-29 13:18 - 2016-03-29 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-29 13:13 - 2016-03-29 13:13 - 06868672 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup516.exe
2016-03-29 13:12 - 2016-03-29 13:12 - 01371668 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\7z1514-x64.exe
2016-03-29 13:11 - 2016-03-29 13:11 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-29 12:58 - 2016-03-29 13:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-29 12:58 - 2016-03-29 12:58 - 00002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-29 12:58 - 2016-03-29 12:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-29 11:42 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-03-29 11:42 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-03-29 11:42 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-03-29 11:42 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-03-29 11:42 - 2016-02-01 14:08 - 00114624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-03-29 11:42 - 2016-02-01 13:59 - 03243008 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-03-29 11:42 - 2016-02-01 13:59 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-03-29 11:42 - 2016-02-01 13:59 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-03-29 11:42 - 2016-02-01 13:56 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-03-29 11:42 - 2016-02-01 13:56 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 02364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-03-29 11:42 - 2016-02-01 13:45 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-03-29 11:42 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-03-29 11:42 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-03-29 11:42 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-03-29 11:42 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-03-29 11:39 - 2015-12-16 13:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-03-29 11:39 - 2015-12-16 13:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-03-29 11:39 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-03-29 11:39 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-03-29 11:39 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-03-29 11:33 - 2016-03-29 11:33 - 00000000 ____D C:\c568631cd916dba732f5f71a1b1b
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-26 12:34 - 2015-12-22 20:05 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\360WD
2016-04-26 12:34 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-26 12:19 - 2015-08-29 12:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2016-04-25 18:09 - 2016-01-09 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-25 13:43 - 2014-11-19 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-04-25 12:54 - 2009-07-13 23:45 - 00023040 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 12:54 - 2009-07-13 23:45 - 00023040 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 12:53 - 2009-07-14 00:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-25 12:53 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-04-25 12:52 - 2014-11-16 00:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-25 12:49 - 2015-12-22 19:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-04-25 11:26 - 2016-01-31 13:26 - 00000000 __SHD C:\$360Section
2016-04-25 11:26 - 2015-12-22 20:06 - 00000000 ____D C:\ProgramData\360Quarant
2016-04-25 10:35 - 2015-12-21 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Lavasoft
2016-04-25 10:34 - 2015-12-21 00:07 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2016-04-25 10:34 - 2015-12-21 00:07 - 00345360 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2016-04-25 10:33 - 2015-12-21 00:06 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-25 10:14 - 2015-12-22 20:29 - 00000000 ____D C:\ProgramData\ProductData
2016-04-25 10:13 - 2014-11-15 23:14 - 00000000 ____D C:\Users\Administrator
2016-04-25 10:12 - 2014-11-16 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-25 10:12 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-04-21 20:30 - 2014-05-05 22:01 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-20 11:58 - 2015-12-22 20:05 - 00000000 _RSHD C:\360SANDBOX
2016-04-20 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-19 13:06 - 2015-01-21 22:09 - 00001138 _____ C:\Users\Administrator\Downloads\nativelog.txt
2016-04-19 12:20 - 2015-12-22 20:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\360safe
2016-04-18 21:42 - 2015-01-21 22:09 - 00000000 ____D C:\Users\Administrator\Downloads\game
2016-04-16 03:55 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2016-04-14 03:26 - 2014-12-10 04:21 - 00000000 ____D C:\windows\system32\appraiser
2016-04-14 03:07 - 2014-05-06 00:55 - 00000000 ____D C:\windows\system32\MRT
2016-04-14 03:02 - 2014-05-06 00:55 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-11 16:29 - 2014-11-16 00:12 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 16:29 - 2014-11-16 00:12 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 16:27 - 2014-12-06 19:40 - 00000000 ____D C:\windows\Minidump
2016-04-11 15:15 - 2015-12-29 13:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-08 07:57 - 2016-02-04 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-04-08 07:54 - 2014-11-16 00:09 - 00000000 ___RD C:\Users\Public\Desktop\Antivirus & Antispyware Tools
2016-03-30 22:31 - 2015-03-13 01:19 - 00002012 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-03-30 13:27 - 2015-01-10 21:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-30 13:26 - 2015-04-16 16:00 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-29 15:47 - 2015-05-28 05:24 - 00007587 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-03-29 13:18 - 2014-11-16 00:11 - 00000000 ____D C:\Program Files\CCleaner
2016-03-29 13:05 - 2015-05-11 14:15 - 00003888 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-29 13:01 - 2015-02-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-03-29 12:58 - 2014-11-16 00:21 - 00000000 ____D C:\ProgramData\Adobe
2016-03-29 12:54 - 2015-12-22 20:29 - 00000000 ____D C:\Users\Administrator\IObit Uninstaller
2016-03-29 12:44 - 2014-11-16 00:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-03-29 12:41 - 2014-11-16 00:22 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-29 12:40 - 2014-11-16 00:11 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-29 12:39 - 2014-12-01 17:53 - 00000000 ____D C:\Program Files\paint.net
2016-03-27 10:22 - 2009-07-13 21:34 - 00000430 _____ C:\windows\win.ini
==================== Files in the root of some directories =======
2015-11-21 05:22 - 2015-11-21 05:22 - 0005120 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-28 05:24 - 2016-03-29 15:47 - 0007587 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-12-21 00:11 - 2015-12-22 16:54 - 0023099 _____ () C:\Users\Administrator\AppData\Local\ZedgeLog.txt
2015-07-02 15:43 - 2015-07-24 10:25 - 0000906 _____ () C:\Users\Administrator\AppData\Local\_settings.ini
2015-02-26 14:01 - 2015-02-26 14:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-02 09:20 - 2015-06-03 09:20 - 0000032 ____R () C:\ProgramData\hash.dat
2015-02-19 17:48 - 2015-02-19 17:48 - 0045595 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-19 17:48 - 2015-02-19 17:48 - 0000288 _____ () C:\ProgramData\HELP_DECRYPT.URL
Files to move or delete:
====================
C:\ProgramData\hash.dat
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-25 13:35
==================== End of FRST.txt ============================
========================================
========================================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Administrator (2016-04-26 12:40:37)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-16 04:14:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3102950768-1916709398-1516765199-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3102950768-1916709398-1516765199-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3102950768-1916709398-1516765199-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1098 - 360 Security Center)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
FUJIFILM MyFinePix Studio 4.1 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DFE68F5B-7344-3954-A9E5-449AF9278FB4}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.6.0.948 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.6.0.948 - Citrix Online)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Mahjongg Mania (HKLM-x32\...\Mahjongg Mania) (Version: 1.00.10.07.16 - Selectsoft Publishing)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Unity Web Player (HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Web Companion (HKLM-x32\...\{8fa53e11-6632-4c55-9412-cf39a6725ecd}) (Version: 2.3.1411.2698 - Lavasoft)
World of Mahjongg 1,000,000 (HKLM-x32\...\World of Mahjongg 1,000,000) (Version: 1.00.08.27.08 - Selectsoft Publishing)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yin-Yang Mahjongg (HKLM-x32\...\Yin-Yang Mahjongg) (Version: 1.00.10.07.16 - Selectsoft Publishing)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {035B4CEF-BCA9-428E-A053-48592571D3A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {09F7152F-6208-4E2B-BB9B-8887B3265B8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {0E5B532F-5CD4-4E25-AA0A-D325188E6187} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {19FEED1D-3356-4E54-8CC9-09F2D5E5C8FD} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2879B316-4DFA-49F7-BE89-01D748FCC100} - System32\Tasks\{52E18FAE-E51E-4A3C-930C-C8DC361A3241} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.60.102/en/abandoninstall?page=tsMain
Task: {4B6832EA-133E-44BD-AE3C-F2E89701DAD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {5A877178-88BF-4076-9DCA-CCC41101B6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {8AC64203-FE8B-40C7-8B26-8DE0BBD36B64} - System32\Tasks\googleupdatetaskmachinecore1d12d0d5d746dca => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8DF6658D-3AAD-47BB-B63B-4F57539721E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {9B7277FF-A519-41B8-A0E8-DA613899CF26} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-21] (Adobe Systems Incorporated)
Task: {9E6B2026-56A6-4629-84FF-62EA57B6CC9C} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {D7D3EA13-C792-444C-A015-5E1918204A24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FE208205-364F-476C-BBCB-1C63E20EEBDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/
Task: C:\windows\Tasks\XboxStatTask.job => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-22 20:05 - 2016-02-01 01:20 - 00614480 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-04-25 10:34 - 2016-04-25 10:34 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2015-12-22 20:05 - 2016-02-01 01:20 - 00088184 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00295696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-04-25 10:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-25 10:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-25 10:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-25 10:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\dlappzonenorth.com -> www.dlappzonenorth.com
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\dlappzonenorth.com -> www.dlappzonenorth.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-04-26 12:41 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8D2E535F-F986-49BC-8446-486F00BDE4D2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{82ADF36D-2BA8-4881-809C-536D875A290D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{7C9CCFA7-71B6-454B-8879-7A960A04AAAE}C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C28D2056-6EBB-4086-B768-37EF2D4B3D06}C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C1F016DB-E35C-4AF2-BAAC-F05815FED1CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7067DB5E-C03A-492F-9E2B-3B222510D3DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11B35B7E-5518-4E02-9BAB-3582256949B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{263C9298-8BD4-443F-8FD9-BF7AB3E95813}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6287D70C-A0B1-4696-A107-7CC347042963}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5852F8CF-5BE2-4A2B-9F40-A7D1C3C23FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4B8BCE6F-A447-4773-9D19-67A61DE950F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8D7EE0E3-BB89-4A06-819D-3F267996CC4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FA3CDD0B-600C-48D9-8F98-D481539E9705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9A0E9F30-803A-4AD3-9D1F-69317BD31D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3255B84B-A812-45DE-9EFA-37DEC4E55D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{81939920-53C6-432B-978E-508981DBE035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{02D162BA-2C15-4D67-9DF8-99B2AA40F8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{29676E4C-C437-4B99-AF57-E20C7F7FD9BD}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{A2A50D2B-EAA4-46D6-868E-0FC795E2B6B6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{27809215-36D3-4BDE-9430-3FE5DD3F9BBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E3D8832-D476-4E4A-85FE-31318C859E80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{681D4F37-C8A6-4BBE-98AA-D3A1F5C5F16E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4BAE5BC8-64E5-4B60-9C88-3A0FEBDC2E0C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E63735F-6CBF-41EE-8598-31E2841755C1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C990317-C395-48DB-B295-E2758DB973CC}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS61F1\HPDiagnosticCoreUI.exe
FirewallRules: [{24F57D6F-501C-4B81-85C4-2EFB6631AA1D}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS61F1\HPDiagnosticCoreUI.exe
FirewallRules: [{0E05FACC-276D-44CA-99B7-E5D5435D39B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7415F8F8-16B9-4E05-8EA5-2679C0BC0EE5}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{1F67CBCD-9CB1-4349-B90F-3C8780BEB0BB}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{744FEAC2-68DD-40D0-87E3-44829291FD30}C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{50472F2F-68E5-4009-9804-1FADF6F86BE9}C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{45B809B9-1287-4D6D-B392-FD95B0C43877}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{10383D8A-9CFD-4A30-AE6B-B5E63887F616}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
30-03-2016 13:26:22 Installed iTunes
02-04-2016 08:59:42 Windows Update
06-04-2016 08:59:23 Windows Update
09-04-2016 19:08:29 Windows Update
14-04-2016 03:00:15 Windows Update
15-04-2016 03:00:13 Windows Update
16-04-2016 03:00:11 Windows Update
19-04-2016 08:53:02 Windows Update
22-04-2016 12:10:55 Windows Update
25-04-2016 10:01:21 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2016 12:49:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Itibiti.exe, version: 2.0.1747.0, time stamp: 0x51d46fa5
Faulting module name: Flash32_20_0_0_228.ocx, version: 20.0.0.228, time stamp: 0x565123f2
Exception code: 0xc0000005
Fault offset: 0x006d042a
Faulting process id: 0xcf4
Faulting application start time: 0xItibiti.exe0
Faulting application path: Itibiti.exe1
Faulting module path: Itibiti.exe2
Report Id: Itibiti.exe3
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
System errors:
=============
Error: (04/26/2016 12:36:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (04/26/2016 12:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 12:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 12:30:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
Error: (04/26/2016 07:34:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 07:34:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 07:34:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 07:34:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 07:34:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (04/26/2016 07:34:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 65%
Total physical RAM: 3036.98 MB
Available physical RAM: 1048.33 MB
Total Virtual: 6072.16 MB
Available Virtual: 3978.6 MB
==================== Drives ================================
Drive c: (Ayy Lmao) (Fixed) (Total:465.27 GB) (Free:324.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1EC6595)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by RegularDude, 26 April 2016 - 12:00 PM.
Sign In
Create Account
