

chrome virus. blocked by malwarebytes, but still disturbing



Old 05-20-2016, 12:57 PM   #1
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



Chrome.exe is trying to access harmful sites...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18315 BrowserJavaVersion: 11.77.2
Run by user at 15:51:57 on 2016-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.1130 [GMT -4:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\AMT\atchk.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe
C:\Program Files (x86)\Pamela\Pamela.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Antification\Ant Rapunzel\AntRapunzel.exe
C:\Program Files (x86)\Classic Start Menu\VistaHookApp.exe
C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Windows\V0690Mon.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Logitech\H760\H760.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\EditPlus 3\editplus.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mstart.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mlauncher.exe
C:\Program Files (x86)\linkalchemist\LinkAlchemist.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon-x64.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [ClassicStartMenu] "C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe"
uRun: [pamela.exe] "C:\Program Files (x86)\Pamela\Pamela.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [BingSvc] C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
mRun: [V0690Mon.exe] C:\Windows\V0690Mon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Logitech H760] C:\Program Files (x86)\Logitech\H760\H760.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ANTRAP~1.LNK - C:\Program Files (x86)\Antification\Ant Rapunzel\AntRapunzel.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAT~1.LNK - C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F5475E8-F566-41D2-8C5B-4FA095ACFC01} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [atchk] "C:\Program Files (x86)\Intel\AMT\atchk.exe"
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\
FF - prefs.js: browser.startup.homepage - hxxp://www.outcall.net/toplist/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll
FF - plugin: C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\Windows\System32\drivers\cm_km.sys [2015-7-6 389816]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2015-11-23 55280]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2015-6-27 70000]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2015-7-4 227000]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2015-6-11 39096]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2015-6-8 41352]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2015-6-11 65208]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2015-6-16 103096]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2015-6-23 187056]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [2015-7-9 194000]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2015-6-6 77728]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-11-9 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-11-9 1136608]
R2 MediatekRegistryWriter;MediatekRegistryWriter;C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [2015-9-18 405136]
R2 MediatekRegistryWriter64;MediatekRegistryWriter64;C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [2015-9-18 454288]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-2-8 176000]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-1 70424]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2015-8-19 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2015-6-6 41144]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-11-9 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-11-9 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-11-9 64896]
R3 V0690Vid;Creative Live! Cam Socialize HD AF / ZiiCam Driver;C:\Windows\System32\drivers\V0690Vid.sys [2013-2-8 393952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 Brpu3sapw;Brpu3sapw;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-5-19 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2016-05-19 19:27:56 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21D52005-5752-44B8-AA65-C1B100DD6179}\offreg.2416.dll
2016-05-19 12:19:36 11695896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21D52005-5752-44B8-AA65-C1B100DD6179}\mpengine.dll
2016-05-19 11:27:28 30720 ----a-w- C:\Windows\System32\seclogon.dll
2016-05-19 11:26:59 8192 ----a-w- C:\Windows\System32\drivers\en-US\tpm.sys.mui
2016-05-19 11:25:55 511488 ----a-w- C:\Windows\System32\rpcss.dll
2016-05-19 11:18:50 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2016-05-19 11:18:49 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2016-05-17 20:50:11 -------- d-----w- C:\Program Files (x86)\RssAuthoritySniper2
2016-05-16 16:38:25 -------- d-----w- C:\searchplugins
2016-05-16 16:38:25 -------- d-----w- C:\extensions
2016-05-14 14:37:44 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160514_103744
2016-05-07 17:12:59 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160507_131259
2016-05-03 18:13:50 192216 ----a-w- C:\Windows\System32\drivers\10551806.sys
2016-05-03 14:41:20 225976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-05-03 14:41:20 225976 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-05-01 18:12:40 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160501_141240
2016-05-01 18:12:39 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160501_141239
2016-04-25 1805 192216 ----a-w- C:\Windows\System32\drivers\339E2107.sys
2016-04-24 10:41:59 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064159
2016-04-24 10:41:58 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064158
2016-04-24 10:41:57 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064157
2016-04-24 10:41:56 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064156
2016-04-24 10:41:55 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064155
2016-04-24 10:40:53 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064053
2016-04-24 10:40:52 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064052
2016-04-24 10:40:51 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064051
2016-04-24 10:40:50 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160424_064050
2016-04-22 18:12:06 192216 ----a-w- C:\Windows\System32\drivers\1F153B3C.sys
2016-04-22 16:37:28 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_123728
2016-04-22 15:56:05 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115605
2016-04-22 15:56:04 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115604
2016-04-22 15:56:03 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115603
2016-04-22 15:56:02 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115602
2016-04-22 15:56:01 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115601
2016-04-22 15:56:00 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115600
2016-04-22 15:55:59 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115559
2016-04-22 15:55:58 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115558
2016-04-22 15:55:57 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115557
2016-04-22 15:55:56 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115556
2016-04-22 15:55:55 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115555
2016-04-22 15:55:54 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115554
2016-04-22 15:55:53 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115553
2016-04-22 15:55:52 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115552
2016-04-22 15:55:51 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115551
2016-04-22 15:55:50 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115550
2016-04-22 15:55:49 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115549
2016-04-22 15:55:48 -------- d-----w- C:\Users\user\AppData\Roaming\ebook_convert_20160422_115548
.
==================== Find3M ====================
.
2016-05-20 18:15:33 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-05-13 16:07:18 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-05-13 16:07:18 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-23 05:16:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-04-23 05:16:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-04-23 05:01:23 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-04-23 05:00:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-04-23 05:00:32 417792 ----a-w- C:\Windows\System32\html.iec
2016-04-23 05:00:10 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-04-23 05:00:01 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-04-23 04:47:35 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-04-23 04:47:34 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-04-23 04:47:20 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-04-23 04:46:47 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-04-23 04:40:13 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-04-23 04:29:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-04-23 04:20:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-04-23 04:08:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-04-23 04:08:47 497152 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-04-23 04:08:09 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-04-23 04:07:58 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-04-23 04:07:05 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-04-23 0409 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-04-23 04:05:05 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-04-23 03:58:33 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-04-23 03:58:14 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-04-23 03:51:54 2596864 ----a-w- C:\Windows\System32\wininet.dll
2016-04-23 03:45:54 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-04-23 03:36:58 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-04-23 03:30:55 2056192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-04-23 03:30:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-04-23 03:12:38 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-04-21 19:05:02 453288 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-20 18:08:40 192216 ----a-w- C:\Windows\System32\drivers\4FA91C57.sys
2016-04-19 18:16:03 192216 ----a-w- C:\Windows\System32\drivers\344953DC.sys
2016-04-19 18:13:07 192216 ----a-w- C:\Windows\System32\drivers\56C2519D.sys
2016-04-18 18:11:23 192216 ----a-w- C:\Windows\System32\drivers\05100228.sys
2016-04-15 18:10:16 192216 ----a-w- C:\Windows\System32\drivers\3E8916E7.sys
2016-04-14 13:49:13 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2016-04-14 13:21:17 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2016-04-11 18:09:05 192216 ----a-w- C:\Windows\System32\drivers\0CE95D77.sys
2016-04-09 07:02:34 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-04-09 07:01:44 706280 ----a-w- C:\Windows\System32\winload.efi
2016-04-09 07:01:43 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-04-09 07:01:42 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-04-09 07:01:42 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-04-09 07:01:41 986344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-04-09 07:01:41 264936 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-04-09 06:59:48 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59:48 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59:27 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-04-09 06:57:59 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-04-09 06:54:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-04-09 05:52:09 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-04-09 05:52:04 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-04-09 05:52:04 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-04-09 05:51:21 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-04-09 05:49:33 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-04-09 05:48:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-04-09 05:47:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-04-09 05:44:39 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-04-09 05:44:06 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-04-09 05:44:03 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-04-09 05:43:20 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-04-09 05:43:17 112640 ----a-w- C:\Windows\System32\smss.exe
2016-04-09 05:42:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-04-09 05:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-04-09 05:38:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-04-09 05:38:24 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-04-09 05:38:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-04-09 05:37:37 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-04-09 05:37:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-04-09 05:37:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 05:37:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 05:37:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-04-06 17:48:37 192216 ----a-w- C:\Windows\System32\drivers\565E4722.sys
2016-04-06 15:27:53 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2016-04-05 18:17:24 192216 ----a-w- C:\Windows\System32\drivers\50F80F08.sys
2016-04-04 18:14:42 192216 ----a-w- C:\Windows\System32\drivers\7C173ED5.sys
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-04-01 18:12:46 192216 ----a-w- C:\Windows\System32\drivers\2C4052F4.sys
2016-03-29 20:54:51 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-20 14:51:46 192216 ----a-w- C:\Windows\System32\drivers\17AC0F84.sys
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 18:04:39 698368 ----a-w- C:\Windows\System32\generaltel.dll
2016-03-17 18:04:39 499200 ----a-w- C:\Windows\System32\devinv.dll
2016-03-17 18:04:39 279040 ----a-w- C:\Windows\System32\invagent.dll
2016-03-17 18:04:38 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-03-16 18:50:06 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-03-16 18:28:15 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-03-16 00:16:10 760320 ----a-w- C:\Windows\System32\samsrv.dll
2016-03-16 00:16:10 106496 ----a-w- C:\Windows\System32\samlib.dll
2016-03-15 23:53:30 60416 ----a-w- C:\Windows\SysWow64\samlib.dll
2016-03-14 15:00:05 192216 ----a-w- C:\Windows\System32\drivers\5BBC4116.sys
2016-03-10 18:09:06 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
.
============= FINISH: 15:53:33.90 ===============
Attached Files
File Type: txt attach.txt (13.3 KB, 290 views)
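Added example (not from the thread, and not DDS or TSF code): a small Python triage pass over the policy and Trusted Zone lines of the DDS "Pseudo HJT Report" in the post above. It flags the registry policy values that weaken UAC (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0 in this log) and any Trusted Zone host other than the local machine, which is the kind of detail a helper reads off the log before handing out cleanup steps. The sample lines are copied from the log in this post; the table of weak values, the allowlist and the assumption that DDS prints dword values in decimal are mine.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not DDS code).

It flags (a) System policy values that weaken UAC and (b) Trusted Zone entries
other than the local machine.
"""
import re

# Policy values that weaken UAC, with a one-line note for the reviewer.
# Assumption: DDS emits dword values in decimal (e.g. "dword:145" for the
# 0x91 NoDriveTypeAutoRun mask), so the values below are compared as decimal.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is disabled; processes of admin-group users run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# Hosts that legitimately sit in the IE Trusted Zone on a standalone machine
# (assumed allowlist; extend it for a domain environment).
TRUSTED_ALLOWLIST = {"localhost", "127.0.0.1"}

# "mPolicies-System: EnableLUA = dword:0"  ->  scope=m, hive=System, name=EnableLUA, value=0
POLICY_RE = re.compile(
    r"^(?P<scope>[um])Policies-(?P<hive>\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<value>\d+)\s*$"
)
# "Trusted Zone: webcompanion.com"  ->  host=webcompanion.com
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<host>\S+)\s*$")


def triage(lines):
    """Return a list of findings; each is a dict with 'item', 'evidence' and 'note'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            if m["hive"] != "System":
                continue  # only the System policies carry the UAC settings
            name, value = m["name"], int(m["value"])
            if name in WEAK_UAC and value == WEAK_UAC[name][0]:
                findings.append({"item": name, "evidence": line, "note": WEAK_UAC[name][1]})
            continue
        m = TRUSTED_RE.match(line)
        if m and m["host"].lower() not in TRUSTED_ALLOWLIST:
            findings.append({
                "item": m["host"],
                "evidence": line,
                "note": "non-local host in the IE Trusted Zone; confirm the user added it deliberately",
            })
    return findings


# Sample input: lines copied from the DDS log in the post above.
SAMPLE = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: localhost
Trusted Zone: webcompanion.com
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['item']}] {f['evidence']}\n    -> {f['note']}")
```

On this log the pass reports four items: the three UAC policies set to 0 and webcompanion.com in the Trusted Zone. ConsentPromptBehaviorUser = 3 and the Explorer autorun mask are not flagged, since those are default-style values.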
 
Old 05-22-2016, 09:32 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

CCleaner
PC Pitstop Optimize


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling PC Pitstop Optimize via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-22-2016, 10:06 AM   #3

# AdwCleaner v5.117 - Logfile created 22/05/2016 at 12:57:16
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion

***** [ Web browsers ] *****

[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2885 bytes] - [22/05/2016 12:57:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [2816 bytes] - [22/05/2016 12:50:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3031 bytes] ##########
Old 05-22-2016, 10:13 AM   #4

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by user (administrator) on USER-PC (22-05-2016 13:07:42)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser & Sophie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mstart.exe
(OrdinarySoft) C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe
(PamConsult GmbH) C:\Program Files (x86)\Pamela\Pamela.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
( 2015 Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mcomm.exe
() C:\Program Files (x86)\Classic Start Menu\VistaHookApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OzProducts) C:\Program Files (x86)\Antification\Ant Rapunzel\AntRapunzel.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mlauncher.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Creative Technology Ltd.) C:\Windows\V0690Mon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Logitech) C:\Program Files (x86)\Logitech\H760\H760.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [503948 2010-10-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0690Mon.exe] => C:\Windows\V0690Mon.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Logitech H760] => C:\Program Files (x86)\Logitech\H760\H760.exe [275800 2010-07-09] (Logitech)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\4911\g2mstart.exe [41536 2016-05-12] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [ClassicStartMenu] => C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe [4150688 2011-04-29] (OrdinarySoft)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [pamela.exe] => C:\Program Files (x86)\Pamela\Pamela.exe [12116400 2014-08-20] (PamConsult GmbH)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-03-30] (Siber Systems)
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Run: [BingSvc] => C:\Users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] ( 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-09-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntRapunzel.lnk [2016-02-03]
ShortcutTarget: AntRapunzel.lnk -> C:\Program Files (x86)\Antification\Ant Rapunzel\AntRapunzel.exe (OzProducts)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-05-22]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe (Mediatek Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2013-11-26]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-07-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8F5475E8-F566-41D2-8C5B-4FA095ACFC01}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-03-30] (Siber Systems Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-03-30] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-03-30] (Siber Systems Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-03-30] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-21] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-03-30] (Siber Systems Inc.)
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.outcall.net/toplist/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-12-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-12-27] (RealPlayer)
FF Plugin-x32: @stamps.com/Web client plug-in,version=1.1.0.41 -> C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll [2012-06-12] (Stamps.com, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4103537104-1711098450-1323067865-1000: @citrixonline.com/appdetectorplugin -> C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-4103537104-1711098450-1323067865-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: MozBar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\[email protected] [2016-01-17]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: DownThemAll! AntiContainer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\[email protected] [2016-04-15]
FF Extension: DownThemAll! - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: RankChecker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\[email protected] [2016-04-23]
FF Extension: YesScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\[email protected] [2016-04-28]
FF Extension: Bookmark All - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}.xpi [2016-04-28]
FF Extension: MP4 Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\mp4d[email protected] [2016-04-28]
FF Extension: Seo Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\extensions\[email protected] [2016-05-15]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF Extension: Youtube Mp3 Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\Extensions\[email protected] [2016-03-23]
FF Extension: Download YouTube Videos as MP4 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-03-30]
FF HKU\S-1-5-21-4103537104-1711098450-1323067865-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SEOquake) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-05-20]
CHR Extension: (Kudani FeedGrabber) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf [2014-10-20]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-10-07]
CHR Extension: (ShotPin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dndakgjimmmhpepokndjigkcpmmohkaj [2015-02-25]
CHR Extension: (Facebook Select All) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdnihiaohmbcoloifejkebjbddjaaiba [2012-12-17]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2016-05-20]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-05-06]
CHR Extension: (Smart Member: Speed Blogging) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjflkobldlandnjdidahdjocjjmagnfn [2016-05-13]
CHR Extension: (Facebook Invite All Friends 2016) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec [2016-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-13]
CHR Extension: (RoboForm Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-26]
CHR Extension: (Auto Select All Facebook Friends) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcjiigginhdhihbdlejjoekeemjaiml [2013-04-27]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-16] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-19] (Kaspersky Lab ZAO)
S3 Brpu3sapw; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 Brpu3sapw; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2015-03-17] (The OpenVPN Project)
S3 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [90352 2009-04-26] (PC Pitstop LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-08-31] () [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-10-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-03-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-26] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2225808 2014-12-08] (MediaTek Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ute3otkw; C:\Windows\SysWOW64\Drivers\ute3otkw.sys [7168 2015-11-07] () [File not signed]
R3 V0690Vid; C:\Windows\System32\DRIVERS\V0690Vid.sys [393952 2010-08-11] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 07:25 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-19 07:25 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-19 07:25 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-19 07:25 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-19 07:25 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-19 07:25 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-19 07:25 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-19 07:25 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-19 07:25 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-19 07:25 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-19 07:25 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-19 07:25 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-19 07:25 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-19 07:25 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-19 07:25 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-19 07:25 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-19 07:25 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-19 07:25 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-19 07:25 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-19 07:18 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-19 07:18 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-18 22:57 - 2016-05-18 22:57 - 147987265 _____ C:\Users\user\Desktop\20160518-Whatsthetruthabout you.mp4
2016-05-18 21:29 - 2016-05-21 15:24 - 00000000 ____D C:\Users\user\Desktop\original
2016-05-18 21:29 - 2016-05-18 21:29 - 98482042 _____ C:\Users\user\Desktop\20160501- Let_s learn to craft an empowering context .mp4
2016-05-17 16:50 - 2016-05-17 16:50 - 00000000 ____D C:\Program Files (x86)\RssAuthoritySniper2
2016-05-16 12:38 - 2016-05-16 12:38 - 00000000 ____D C:\searchplugins
2016-05-16 12:38 - 2016-05-16 12:38 - 00000000 ____D C:\extensions
2016-05-14 10:37 - 2016-05-14 10:37 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160514_103744
2016-05-12 13:31 - 2016-05-12 13:31 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-09 13:17 - 2016-05-09 13:17 - 00000082 _____ C:\Users\user\Desktop\reinvent.txt
2016-05-07 13:12 - 2016-05-07 13:12 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160507_131259
2016-05-05 22:17 - 2016-05-08 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 20:30 - 2016-05-05 20:30 - 00156172 _____ C:\Users\user\Desktop\amen01.pdf
2016-05-03 14:13 - 2016-05-03 14:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\10551806.sys
2016-05-01 18:44 - 2016-05-01 18:44 - 00000000 ____D C:\Users\user\Desktop\Peak_ Secrets from the New Science (122)
2016-05-01 18:42 - 2016-05-01 18:42 - 00000000 ____D C:\Users\user\Desktop\New folder
2016-05-01 15:13 - 2016-05-01 15:13 - 00001062 _____ C:\Users\user\Desktop\notes-for-science-of-mastery.txt
2016-05-01 14:12 - 2016-05-01 14:12 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160501_141240
2016-05-01 14:12 - 2016-05-01 14:12 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160501_141239
2016-04-27 17:23 - 2016-04-27 17:23 - 00000146 _____ C:\Users\user\Desktop\Sound - Shortcut.lnk
2016-04-27 15:15 - 2016-04-27 15:15 - 00000227 _____ C:\Users\user\Desktop\theta.txt
2016-04-25 14:06 - 2016-04-25 14:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\339E2107.sys
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064216
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064215
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064214
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064213
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064212
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064211
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064210
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064209
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064208
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064207
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064206
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064205
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064204
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064203
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064202
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064201
2016-04-24 06:42 - 2016-04-24 06:42 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064200
2016-04-24 06:41 - 2016-04-24 06:41 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064159
2016-04-24 06:41 - 2016-04-24 06:41 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064158
2016-04-24 06:41 - 2016-04-24 06:41 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064157
2016-04-24 06:41 - 2016-04-24 06:41 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064156
2016-04-24 06:41 - 2016-04-24 06:41 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064155
2016-04-24 06:40 - 2016-04-24 06:40 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064053
2016-04-24 06:40 - 2016-04-24 06:40 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064052
2016-04-24 06:40 - 2016-04-24 06:40 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064051
2016-04-24 06:40 - 2016-04-24 06:40 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160424_064050
2016-04-22 14:12 - 2016-04-22 14:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\1F153B3C.sys
2016-04-22 12:37 - 2016-04-22 12:37 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_123728
2016-04-22 12:30 - 2016-04-22 12:30 - 00002038 _____ C:\Users\user\Desktop\Kindle.lnk
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115605
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115604
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115603
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115602
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115601
2016-04-22 11:56 - 2016-04-22 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115600
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115559
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115558
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115557
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115556
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115555
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115554
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115553
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115552
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115551
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115550
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115549
2016-04-22 11:55 - 2016-04-22 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\ebook_convert_20160422_115548

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-22 13:07 - 2012-10-04 14:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 13:06 - 2012-11-12 13:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-05-22 13:04 - 2015-09-18 18:23 - 00000500 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-05-22 13:04 - 2013-03-11 18:15 - 00000000 ____D C:\Users\user\AppData\Roaming\AntRapunzel
2016-05-22 13:02 - 2012-09-16 11:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-22 13:01 - 2015-11-09 11:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-22 13:01 - 2013-08-08 20:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-22 13:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-22 12:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2016-05-22 12:48 - 2015-05-31 18:35 - 00000632 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4103537104-1711098450-1323067865-1000.job
2016-05-22 12:47 - 2009-07-14 00:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 12:47 - 2009-07-14 00:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-22 12:43 - 2013-04-01 10:20 - 00000000 ____D C:\Users\user\Desktop\___software
2016-05-22 12:34 - 2014-02-01 12:48 - 00000536 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4103537104-1711098450-1323067865-1000.job
2016-05-22 10:58 - 2015-11-23 11:59 - 00000000 ____D C:\Users\user\Desktop\__icd-bm1_Sophie
2016-05-21 19:15 - 2016-01-15 15:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-21 08:26 - 2014-08-06 20:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Everything
2016-05-20 15:41 - 2012-09-15 18:55 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-20 15:14 - 2016-02-21 07:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-20 15:14 - 2016-02-21 07:52 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-20 15:13 - 2015-11-15 23:05 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-20 15:12 - 2012-08-01 16:22 - 00000000 ____D C:\Users\user\AppData\Local\Google
2016-05-19 19:41 - 2012-11-27 08:33 - 00000000 ____D C:\Users\user\AppData\Roaming\EditPlus 3
2016-05-19 15:41 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-05-19 15:40 - 2012-09-15 18:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-19 15:40 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-19 15:38 - 2009-07-14 01:13 - 00789228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-19 15:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-19 15:31 - 2009-07-14 00:45 - 00307064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-19 15:29 - 2015-11-06 18:02 - 00547149 _____ C:\Windows\system32\RAIHVDump.dmp
2016-05-19 15:27 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-19 15:24 - 2013-04-24 22:13 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2016-05-19 09:56 - 2016-04-13 15:41 - 00002137 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-19 09:56 - 2013-04-24 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-05-19 09:56 - 2013-04-24 22:13 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-05-19 09:45 - 2012-10-04 13:25 - 00000000 ____D C:\Users\user\Documents\My RoboForm Data
2016-05-19 07:54 - 2013-07-12 10:31 - 00000000 ____D C:\Windows\system32\MRT
2016-05-19 07:35 - 2012-12-04 18:48 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-19 07:30 - 2013-12-16 12:08 - 00000036 ____H C:\Windows\SysWOW64\f9t.dat
2016-05-19 02:26 - 2015-05-31 18:35 - 00003658 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4103537104-1711098450-1323067865-1000
2016-05-19 02:26 - 2014-02-01 12:48 - 00003562 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4103537104-1711098450-1323067865-1000
2016-05-17 17:22 - 2015-12-18 18:18 - 00000000 ____D C:\Users\user\Documents\RSS Authority Sniper 2.0
2016-05-17 16:50 - 2015-12-18 18:18 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RssAuthoritySniper2.lnk
2016-05-16 12:37 - 2015-12-16 21:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-16 12:37 - 2012-11-12 13:12 - 00000000 ____D C:\ProgramData\Skype
2016-05-16 07:33 - 2013-12-25 15:41 - 00000000 ____D C:\Users\user\Documents\Calibre Library
2016-05-15 15:54 - 2015-03-19 14:30 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-05-14 11:47 - 2014-08-29 15:48 - 00000000 ____D C:\Users\user\Documents\My Kindle Content
2016-05-14 10:40 - 2016-04-14 20:27 - 00000000 ____D C:\Users\user\decrypt
2016-05-14 10:40 - 2014-08-29 15:52 - 00000000 ____D C:\Users\user\AllDRMRemoval
2016-05-14 10:38 - 2014-08-29 15:52 - 00000000 ____D C:\Users\user\AppData\Roaming\.AllDRMRemoval
2016-05-14 10:37 - 2016-04-14 20:27 - 00000000 ____D C:\Users\user\AppData\Roaming\epubor_log
2016-05-13 12:07 - 2012-10-04 14:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 12:07 - 2012-10-04 14:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 12:07 - 2012-10-04 14:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 14:56 - 2012-09-16 08:20 - 00069704 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-12 01:14 - 2014-12-24 14:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 17:25 - 2009-07-14 01:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-09 15:26 - 2012-10-04 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-01 18:33 - 2016-02-01 09:07 - 00001000 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-05-01 18:33 - 2013-12-25 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-05-01 18:33 - 2013-12-25 15:41 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-04-23 19:08 - 2013-02-25 08:05 - 00000000 ____D C:\ProgramData\PCPitstop
2016-04-23 13:10 - 2013-11-23 14:57 - 00000000 ___RD C:\Users\user\Desktop\_stuff
2016-04-22 12:36 - 2012-11-27 08:23 - 00000000 ____D C:\Users\user\AppData\Roaming\Classic Start Menu
2016-04-22 12:30 - 2013-02-03 10:12 - 00000000 ____D C:\Program Files (x86)\Amazon

==================== Files in the root of some directories =======

2013-02-28 18:35 - 2013-04-02 15:57 - 0001019 _____ () C:\Program Files (x86)\EasySocialRanker.lnk
2013-04-16 19:21 - 2013-04-16 19:21 - 0001031 _____ () C:\Program Files (x86)\OnlinePRSubmitter.lnk
2015-07-22 15:57 - 2015-07-22 15:57 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-08-19 13:43 - 2014-08-19 13:43 - 0000000 _____ () C:\Users\user\AppData\Roaming\fonts.txt
2015-07-22 16:02 - 2015-07-22 16:02 - 0000128 _____ () C:\Users\user\AppData\Roaming\GWMC-I92M
2013-11-13 13:28 - 2013-11-13 13:28 - 0000084 _____ () C:\Users\user\AppData\Roaming\kdmlic.txt
2013-12-07 18:33 - 2013-12-07 18:33 - 0000082 _____ () C:\Users\user\AppData\Roaming\kflic.txt
2015-07-22 15:57 - 2015-10-10 19:20 - 0000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q
2013-02-08 16:14 - 2016-04-21 14:47 - 0007680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 17:23 - 2015-03-10 17:23 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-04-30 18:09 - 2015-04-30 18:09 - 0000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\user\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-08 21:25

==================== End of FRST.txt ============================
Attached Files: Addition.txt (47.1 KB)
Old 05-22-2016, 01:09 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello mavensophie. How is the machine behaving? Any improvement since running AdwCleaner?

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
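For readers working through FRST output like the file listing mavensophie posted above and the CustomCLSID lines in chemist's fixlist, here is an added Python example. It is not FRST's own code and was not posted by anyone in this thread: it parses the two line formats (the "files and folders" entries and the `CustomCLSID: ... => No File` fixlist entries) and flags what a helper looks at first. The sample lines are copied from this thread except the ones marked constructed, and the triage rules (executables and hidden files with no publisher string, kernel drivers, COM registrations whose DLL is missing) are my own heuristics, not FRST's.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread: not part of FRST, not code posted here.  Parses
FRST "files and folders" lines and CustomCLSID fixlist lines and flags what a
helper looks at first.  Sample inputs are copied from the thread except the
entries marked constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# CustomCLSID: <registry key> -> <dll path> [=> No File]
CLSID_LINE = re.compile(
    r"^CustomCLSID: (?P<key>\S+) -> (?P<target>.+?)\s*(?:=> (?P<status>.+))?$"
)
CODE_EXTENSIONS = {"exe", "dll", "sys", "cpl", "scr"}


@dataclass
class FrstFile:
    created: str
    modified: str
    size: int
    attrs: str              # FRST attribute column: ____D dir, ____H hidden, ...
    company: Optional[str]  # None when FRST printed no publisher or "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")
    @property
    def hidden(self) -> bool:
        return "H" in self.attrs
    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def parse_file_line(line: str) -> Optional[FrstFile]:
    """Parse one files-and-folders line; None for headers and notes."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FrstFile(m.group("created"), m.group("modified"), int(m.group("size")),
                    m.group("attrs"), m.group("company") or None, m.group("path"))

def parse_log(text: str) -> List[FrstFile]:
    return [e for e in map(parse_file_line, text.splitlines()) if e is not None]

def triage_files(entries: List[FrstFile]) -> List[Tuple[str, str]]:
    """(path, reason) for entries worth a second look: heuristics, not verdicts."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        if e.extension in CODE_EXTENSIONS and e.company is None:
            flagged.append((e.path, "executable code with no publisher string"))
        elif e.extension == "sys" and "\\drivers\\" in e.path.lower():
            flagged.append((e.path, "kernel driver: confirm publisher and signature"))
        elif e.hidden and e.company is None:
            flagged.append((e.path, "hidden file with no publisher string"))
    return flagged

def orphaned_clsids(lines: List[str]) -> List[Tuple[str, str]]:
    """(registry key, missing DLL) for CustomCLSID lines FRST marked '=> No File'."""
    found = []
    for line in lines:
        m = CLSID_LINE.match(line.strip())
        if m and m.group("status") == "No File":
            found.append((m.group("key"), m.group("target")))
    return found

# Copied from the FRST.txt in this thread, except the last line, which is constructed.
SAMPLE_LOG = r"""
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-19 07:25 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 07:25 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-16 12:38 - 2016-05-16 12:38 - 00000000 ____D C:\searchplugins
2016-05-03 14:13 - 2016-05-03 14:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\10551806.sys
2016-05-19 07:30 - 2013-12-16 12:08 - 00000036 ____H C:\Windows\SysWOW64\f9t.dat
2015-07-22 15:57 - 2015-07-22 15:57 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-05-20 10:00 - 2016-05-20 10:00 - 00045056 _____ C:\Users\user\AppData\Roaming\constructed_sample.exe
"""
# First line copied from the fixlist above; second constructed (placeholder SID and CLSID).
SAMPLE_FIXLIST = r"""
CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 -> C:\constructed\present.dll
"""

if __name__ == "__main__":
    for path, reason in triage_files(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {path}")
    for key, dll in orphaned_clsids(SAMPLE_FIXLIST.splitlines()):
        print(f"orphaned COM registration {key} -> {dll}")
```

Flagged entries are candidates for a closer look, not verdicts: the Malwarebytes driver in the sample is listed only because it is a kernel driver, and its publisher string is the first thing to check, while the orphaned CustomCLSID entry is exactly the kind of registration the fixlist in chemist's reply removed (a registry key pointing at a DLL that no longer exists).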
Old 05-22-2016, 01:41 PM   #6
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total


Send a message via Skype™ to mavensophie

Hi Chemist, and thank you.
I opened Chrome and there were no issues. I hope this means that it is fixed... it feels that way.

thank you so much for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by user (2016-05-22 16:20:10) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser & Sophie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-4103537104-1711098450-1323067865-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => key removed successfully
C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => not found.
C:\Users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll => not found.
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:22:42 ====
Old 05-23-2016, 06:31 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mavensophie. You're very welcome. Glad to hear it. Just a bit more to go to be sure.

Did you uninstall PC Pitstop Optimize?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 77 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-23-2016, 08:23 AM   #8

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/23/2016
Scan Time: 9:48 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.23.03
Rootkit Database: v2016.05.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426059
Time Elapsed: 1 hr, 22 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Uninstalled PC Optimize... :-(
Updated Java.
Will post ESET... it takes ages to scan my PC because I have so many files.
mavensophie is offline  
Old 05-23-2016, 11:14 AM   #9

It's taking forever.

Here are the results for now...
C:\Program Files (x86)\The Creative Bots\Article Factory\autobots.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Program Files (x86)\The Creative Bots Inc\Keywords Demon\KDUbot.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\KeywordsDemonInstallShield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\oz-bonus\DomainValuator.zip a variant of MSIL/Ubot.C potentially unsafe application
C:\Users\user\Desktop\___software\ArticleFactoryPro-Installshield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\___software\FB-Engage-setup.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\___software\UniversalSQLEditorSetup.exe Win32/WinWrapper.M potentially unwanted application

I have to restart it: I need my computer and I need my virus protection on...

I'll post the complete scan tomorrow. I'll do the scanning overnight.

thank you
mavensophie is offline  
Old 05-23-2016, 11:20 AM   #10

You're welcome! No hurry, let me know.
chemist is offline  
Old 05-24-2016, 04:27 AM   #11

Hi Chemist, good morning.
ESET finished and found only the same seven... so I won't post it again.

On the other hand when I woke up this morning I found an error message saying that Microsoft Bing service Crashed.

Is that the "service" that pushed Windows 10?

Please let me know.

Thank you.

Sophie
mavensophie is offline  
Old 05-24-2016, 05:55 AM   #12

Hello again, Sophie. You're very welcome.

Bing is just Microsoft's search engine. It doesn't push Win10.

Reboot and see if you get the same error.

I will be away from the keyboard for about an hour or so.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

sc stop "PCPitstop Scheduling"

A DOS window will open and close again, this is normal.

Repeat for this command:

sc delete "PCPitstop Scheduling"

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log of anything that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Files flagged by ESET: delete each one, and log any that survive
for %%g in (

"C:\Program Files (x86)\The Creative Bots\Article Factory\autobots.exe"
"C:\Program Files (x86)\The Creative Bots Inc\Keywords Demon\KDUbot.exe"
"C:\Users\user\Desktop\_stuff\KeywordsDemonInstallShield.exe"
"C:\Users\user\Desktop\_stuff\oz-bonus\DomainValuator.zip"
"C:\Users\user\Desktop\___software\ArticleFactoryPro-Installshield.exe"
"C:\Users\user\Desktop\___software\FB-Engage-setup.zip"
"C:\Users\user\Desktop\___software\UniversalSQLEditorSetup.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Leftover PC Pitstop folders: remove the whole tree, and log any that survive
for %%g in (

"C:\ProgramData\PCPitstop"
"C:\Program Files (x86)\PCPitstop"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the log if anything was left behind, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The batch file removes itself once it has run
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
Old 05-24-2016, 08:51 AM   #13

I was away myself... grocery shopping.

I ran fix.bat and it says: successfully deleted, click any key to continue...

I also ran the pc pitstop commands.
I thought I had uninstalled PC Pitstop.
mavensophie is offline  
Old 05-24-2016, 08:54 AM   #14

One of those commands was just to be sure the PC Pitstop service was deleted.

Are you still getting the Bing service error?
chemist is offline  
Old 05-24-2016, 09:26 AM   #15

No Bing error.

One thing I noticed is that every time I start Chrome, it says that another program has altered its settings...
mavensophie is offline  
Old 05-24-2016, 10:24 AM   #16

Can you show a pic of the message? Do you see what settings have been altered?
chemist is offline  
Old 05-24-2016, 10:27 AM   #17

Go figure, it held onto the settings. Let me reboot and see if it makes a difference.
mavensophie is offline  
Old 05-24-2016, 11:05 AM   #18

OK. No more Chrome errors.
mavensophie is offline  
Old 05-24-2016, 12:43 PM   #19

Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Go to Computer > System properties > System protection > Configure.
  • Check 'Turn off system protection' > Apply > Yes > OK.
  • Now turn it back on > Configure
  • Check 'Restore system settings and previous versions of files'.
  • Click Apply > OK > OK.
This will flush out older possibly infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update it, and run a scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article. To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
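As an added illustration of the HOSTS-file mechanism described in the post above (example code written for this page, not from the thread, MVPS or any product), this script parses a constructed MVPS-style hosts file the way the resolver consults it and shows the caveat that only exact hostnames match: a subdomain that is not listed is not answered by HOSTS and goes on to DNS. The hosts content and hostnames are constructed sample data.

```python
import ipaddress

# Constructed sample in MVPS layout (not the real MVPS file): ad and tracker
# hosts pointed at 127.0.0.1, the local loopback address, plus one entry that
# uses the 0.0.0.0 sink some lists prefer. '#' starts a comment.
SAMPLE_HOSTS = """\
# Constructed sample, MVPS-style layout
127.0.0.1  localhost
127.0.0.1  ads.example.net          # inline comment after an entry
127.0.0.1  tracker.example.org  cdn.tracker.example.org
0.0.0.0    malware.example.com
this is not a valid line
"""

# Addresses that a block list uses to sink a hostname
SINKS = ("127.0.0.1", "0.0.0.0")


def parse_hosts(text):
    """Return [(ip, [hostnames])] in file order; comment, blank and
    malformed lines are skipped, as the resolver skips them."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        entries.append((ip, [h.lower() for h in fields[1:]]))
    return entries


def resolve(hostname, entries):
    """Look a name up the way HOSTS is consulted: exact, case-insensitive
    match, first hit wins. None means HOSTS does not answer the query and
    it goes on to DNS, which is why unlisted subdomains are not blocked."""
    target = hostname.lower().rstrip(".")
    for ip, names in entries:
        if target in names:
            return ip
    return None


def is_blocked(hostname, entries):
    """True when HOSTS sends the name to a sink address, so the browser
    never reaches the real site. localhost legitimately maps to loopback
    and is not counted as blocked."""
    if hostname.lower() == "localhost":
        return False
    return resolve(hostname, entries) in SINKS


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "CDN.tracker.example.org",
                 "malware.example.com", "sub.ads.example.net"):
        print(f"{name:28} blocked={is_blocked(name, table)}")
```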
Old 05-24-2016, 02:18 PM   #20

thank you. I will figure out the hard stuff.

You went way beyond the call of duty, and were kind, I appreciate it. Thank you for that.
I have donated on bleepingcomputers.

Thank you again.
Sophie
mavensophie is offline  
Copyright 2001 - 2018, Tech Support Forum