Hacked by "Fake" microsoft representative from Supremo

09-17-2016, 06:30 PM   #1
Tdoggy187
Registered Member
Join Date: Feb 2010
Location: NC
Posts: 253
OS: Windows 7

I received a phone call from a man claiming to work for Microsoft. He told me my computer was being hacked from people from another country. He brought me to a box that showed errors in red and warning symbols in yellow with yesterday's date. He then had me download Supremo software which allowed him to access my computer. He then showed me my IP address and other IP addresses right next to it that said established. And he said that was the hackers getting into my computer. Then I lost connection with him and I signed out of everything. I thought he was going to try to sell me some kind of virus program but he said no on the phone. I was outside and couldn't get back to my computer and he must have called me 50 times. No joke. I didn't answer. I wasn't going to buy anything. Then he called again maybe an hour later and I told him to call me at night and shut my phone off. And became very worried. Especially when today I was trying to play my game called "Evony" using Opera and it wasn't working. I uninstalled Opera. And deleted the Supremo. And now I have contacted the pros ;-) You guys. I am very nervous that my system has indeed been hacked by this man ;-( Please help. I have done the steps and attached the logs. Thanks. I do not have a boot CD or Windows Install CD for this computer.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18450
Run by User at 21:03:05 on 2016-09-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8053.5631 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: IObit Malware Fighter *Disabled/Outdated* {4D381C57-3C7A-6F22-07EB-639F49E836D4}
SP: Kaspersky Anti-Virus *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = Google
mWinlogon: Userinit = userinit.exe,
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{485967DD-11D1-470A-8F30-03041C948D3F} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{65F7A15D-77CF-4E0A-A913-9CD717566798} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C1621D8-C15F-4397-9481-159674F36310} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8C1621D8-C15F-4397-9481-159674F36310}\144545332393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9C169257-4C15-4092-8A2E-22693D94B6D4} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - <Clsid value has no data>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = Google
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL -
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrlui.dll
FF - plugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_22_0_0_192.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_23_0_0_162.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\Windows\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-5-22 53488]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2015-2-11 20160]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-4-15 26528]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2016-6-20 305496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-6-20 50008]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2016-5-31 45488]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2016-5-17 75696]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2016-6-2 126360]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2016-6-14 194480]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [2016-6-28 241544]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2015-4-15 1600288]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-8-6 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-8-6 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-8-6 171928]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2015-4-15 70168]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2016-9-17 189264]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2016-5-19 52144]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
R3 kltap;Kaspersky Security Data Escort Adapter;C:\Windows\System32\drivers\kltap.sys [2016-6-7 52152]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2016-7-17 33960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-4-15 3046688]
S2 sgbupt;SuperBoost Software Updater;C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2016-8-4 2600256]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-9-16 114688]
S3 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;C:\Program Files\Intel\BCA\pabeSvc64.exe [2015-11-25 3020440]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 133816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-22 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2016-5-12 34848]
S3 rtl8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192u.sys [2010-4-13 1631264]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-22 30208]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-22 1255736]
S4 IMFFilter;IMFFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [2016-5-12 22208]
S4 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2014-11-26 25056]
.
=============== Created Last 30 ================
.
2016-09-18 01:00:50 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{874E10C1-4094-4D86-9986-B3C2614F0FD3}\offreg.3852.dll
2016-09-17 14:22:42 -------- dc----w- C:\ProgramData\Kaspersky Lab Setup Files
2016-09-17 08:49:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{874E10C1-4094-4D86-9986-B3C2614F0FD3}\offreg.2608.dll
2016-09-17 08:48:02 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-09-17 08:47:52 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{874E10C1-4094-4D86-9986-B3C2614F0FD3}\mpengine.dll
2016-09-17 08:14:11 110176 -c--a-w- C:\Windows\System32\klfphc.dll
2016-09-17 08:13:52 -------- dc----w- C:\Windows\ELAMBKUP
2016-09-17 08:13:48 -------- dc----w- C:\ProgramData\Kaspersky Lab
2016-09-17 08:13:48 -------- dc----w- C:\Program Files (x86)\Kaspersky Lab
2016-09-17 08:13:33 189264 -c--a-w- C:\Windows\System32\drivers\klflt.sys
2016-09-16 23:09:16 -------- dc----w- C:\Program Files\CCleaner
2016-09-16 21:23:59 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-16 21:16:21 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-16 21:15:59 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-09-16 21:10:48 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-09-16 21:10:48 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-09-16 18:27:30 -------- dc----w- C:\ProgramData\SupremoRemoteDesktop
2016-08-25 17:13:44 327112 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep630A.tmp
2016-08-19 20:44:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-08-19 20:44:54 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2016-09-17 16:05:29 796352 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-09-17 16:05:29 142528 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-17 14:44:57 50008 -c--a-w- C:\Windows\System32\drivers\klim6.sys
2016-09-17 14:44:32 126360 -c--a-w- C:\Windows\System32\drivers\klwtp.sys
2016-09-17 14:40:10 305496 -c--a-w- C:\Windows\System32\drivers\klhk.sys
2016-09-17 01:28:28 192216 -c--a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-16 22:11:11 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-09-16 22:11:11 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-09-16 22:11:11 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-09-16 2206 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-16 2205 2921472 ----a-w- C:\Windows\System32\wininet.dll
2016-09-16 2203 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-16 2200 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-09-16 2200 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-16 22:03:11 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-09-16 22:02:58 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-09-16 22:02:58 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-16 22:02:58 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2016-09-16 22:02:58 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-16 22:02:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-09-16 22:02:58 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-16 22:02:58 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-16 22:02:57 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2016-09-16 22:02:57 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-16 22:02:57 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-16 22:02:57 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-16 21:56:50 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-09-16 21:56:50 3218432 ----a-w- C:\Windows\System32\win32k.sys
2016-09-16 21:56:50 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-09-04 01:29:59 110144 -c--a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2016-08-03 02:36:19 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-08-03 02:35:49 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-08-03 02:35:49 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-08-03 02:35:49 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-08-03 02:35:49 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-08-03 02:35:49 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-08-03 02:35:49 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-08-03 02:35:49 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-08-03 02:35:49 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-08-03 02:35:49 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-08-03 02:35:49 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-07-27 19:25:34 504488 -c----w- C:\Windows\System32\MpSigStub.exe
2016-07-17 13:02:56 33960 -c--a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2016-06-23 00:00:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-06-23 00:00:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-06-23 00:00:29 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-06-23 00:00:29 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-06-23 00:00:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-06-23 00:00:29 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-06-23 00:00:29 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-06-23 00:00:29 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-06-23 00:00:29 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-06-23 00:00:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-06-23 00:00:04 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2016-06-23 00:00:04 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2016-06-22 23:59:37 444928 ----a-w- C:\Windows\System32\winhttp.dll
2016-06-22 23:59:37 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-06-22 23:59:37 327168 ----a-w- C:\Windows\System32\mswsock.dll
2016-06-22 23:59:37 296448 ----a-w- C:\Windows\System32\ws2_32.dll
2016-06-22 23:59:37 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2016-06-22 23:59:37 262144 ----a-w- C:\Windows\System32\drivers\netbt.sys
2016-06-22 23:59:37 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2016-06-22 23:59:37 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-06-22 23:59:37 206336 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-06-22 23:58:38 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-06-22 23:58:38 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-06-22 23:58:10 96256 ----a-w- C:\Windows\System32\gpapi.dll
2016-06-22 23:58:10 794624 ----a-w- C:\Windows\System32\gpsvc.dll
2016-06-22 23:58:09 79360 ----a-w- C:\Windows\SysWow64\gpapi.dll
2016-06-22 23:58:09 75776 ----a-w- C:\Windows\System32\FwRemoteSvr.dll
2016-06-22 23:58:09 70144 ----a-w- C:\Windows\SysWow64\winipsec.dll
2016-06-22 23:58:09 502272 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2016-06-22 23:58:09 44032 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
2016-06-22 23:58:09 373760 ----a-w- C:\Windows\System32\polstore.dll
2016-06-22 23:58:09 274944 ----a-w- C:\Windows\SysWow64\polstore.dll
2016-06-22 23:58:09 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-06-22 23:57:24 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-06-22 23:57:22 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-06-22 23:57:22 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
.
============= FINISH: 21:03:42.38 ===============
Attached Files
File Type: txt dds.txt (22.5 KB, 45 views)
File Type: txt attach.txt (12.6 KB, 106 views)
 
09-18-2016, 02:13 PM   #2
Tdoggy187
Registered Member
Join Date: Feb 2010
Location: NC
Posts: 253
OS: Windows 7

While I wait for some help, can I try Opera again or should I hold off? Please answer this as soon as you can. I know the above takes time and work..... I will be patient.
09-18-2016, 02:26 PM   #3
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, IObit Malware Fighter and Kaspersky.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please uninstall IObit Malware Fighter/IObit Uninstaller via Programs and Features in your Control Panel.

------------------------------------------------------

Please uninstall Spybot while we clean your machine. It sometimes interferes with our fixes.

You can reinstall it when we are done here.

------------------------------------------------------

CCleaner
Glary Utilities


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling Glary Utilities via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

You can try Opera again now.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
 
09-18-2016, 05:24 PM   #4
Tdoggy187
Registered Member
Join Date: Feb 2010
Location: NC
Posts: 253
OS: Windows 7

# AdwCleaner v6.020 - Logfile created 18/09/2016 at 19:58:54
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-18.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner (6).exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}


***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: igjjkeeamkpihpncmmbgdkhdnjpcfmfb


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [3824 Bytes] - [17/09/2016 22:45:08]
C:\AdwCleaner\AdwCleaner[C3].txt - [1308 Bytes] - [18/09/2016 19:58:54]
C:\AdwCleaner\AdwCleaner[C4].txt - [3471 Bytes] - [10/09/2015 20:58:06]
C:\AdwCleaner\AdwCleaner[R0].txt - [13649 Bytes] - [08/08/2015 17:45:11]
C:\AdwCleaner\AdwCleaner[R1].txt - [5721 Bytes] - [08/08/2015 17:56:34]
C:\AdwCleaner\AdwCleaner[R2].txt - [6347 Bytes] - [14/08/2015 01:42:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [8942 Bytes] - [08/08/2015 17:47:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [1082 Bytes] - [08/08/2015 17:58:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [1715 Bytes] - [14/08/2015 02:03:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [3371 Bytes] - [10/09/2015 20:39:30]
C:\AdwCleaner\AdwCleaner[S5].txt - [3913 Bytes] - [17/09/2016 22:40:07]
C:\AdwCleaner\AdwCleaner[S6].txt - [2265 Bytes] - [18/09/2016 19:58:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2112 Bytes] ##########

Then FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by User (administrator) on USER-PC (18-09-2016 20:05:53)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SuperBoost Software) C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3259328756-1958504469-239463446-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3259328756-1958504469-239463446-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41D35E91-538F-4BAC-BA66-20BE726CF3AA}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{485967DD-11D1-470A-8F30-03041C948D3F}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{65F7A15D-77CF-4E0A-A913-9CD717566798}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C1621D8-C15F-4397-9481-159674F36310}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9C169257-4C15-4092-8A2E-22693D94B6D4}: [DhcpNameServer] 192.168.1.254
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3259328756-1958504469-239463446-1000 -> DefaultScope {F26E26FA-F38E-4687-95E8-15CDD569B54F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3259328756-1958504469-239463446-1000 -> {86FD2513-F657-4C8B-954F-56E45AD43BCF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3259328756-1958504469-239463446-1000 -> {F26E26FA-F38E-4687-95E8-15CDD569B54F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-25] (Intel Security)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-25] (Intel Security)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3259328756-1958504469-239463446-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Handler: skypec2c - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: Google
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3259328756-1958504469-239463446-1000: @citrixonline.com/appdetectorplugin -> C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-3259328756-1958504469-239463446-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3259328756-1958504469-239463446-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\user.js [2016-09-17]
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-04-26] (Octoshape ApS)
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\Extensions\[email protected] [2016-09-09]
FF Extension: (Video AdBlocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\Extensions\[email protected] [2016-08-04]
FF Extension: (Widevine Media Optimizer) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-04-26] [not signed]
FF Extension: (WebSlingPlayer) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kh0o9kx.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2016-01-10]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.cbssports.com/
CHR StartupUrls: Default -> "chrome://newtab/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-09-18]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-09]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-09]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-09-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-09-08]
CHR Extension: (Autodesk Homestyler) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-18]
CHR Extension: (Adblock Super) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-15]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-04-21] (SuperBoost Software)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2014-05-22] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\User\AppData\Local\Temp\7zS1E81\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-15] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-17] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-17] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 rtl8192U; C:\Windows\System32\DRIVERS\rtl8192U.sys [1631264 2010-04-13] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-17] (Synaptics Incorporated)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S1 itztprez; \??\C:\Windows\system32\drivers\itztprez.sys [X]
S1 loxfgsqx; \??\C:\Windows\system32\drivers\loxfgsqx.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 20:04 - 2016-09-18 20:05 - 02400256 ____C (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2016-09-18 19:55 - 2016-09-18 19:56 - 03861056 ____C C:\Users\User\Downloads\AdwCleaner (6).exe
2016-09-17 22:38 - 2016-09-17 22:38 - 03861056 ____C C:\Users\User\Downloads\AdwCleaner (5).exe
2016-09-17 21:03 - 2016-09-17 21:03 - 00023068 ____C C:\Users\User\Desktop\dds.txt
2016-09-17 21:03 - 2016-09-17 21:03 - 00012884 ____C C:\Users\User\Desktop\attach.txt
2016-09-17 21:02 - 2016-09-17 21:02 - 00688992 ___RC (Swearware) C:\Users\User\Downloads\dds (1).scr
2016-09-17 14:40 - 2016-09-17 14:40 - 00019524 ____C C:\Users\User\Documents\duplicate.txt
2016-09-17 14:39 - 2016-09-17 14:39 - 00002824 ____C C:\Users\User\Documents\cc_20160917_143934.reg
2016-09-17 13:17 - 2016-09-17 13:17 - 00962992 ____C (Opera Software) C:\Users\User\Downloads\OperaSetup (1).exe
2016-09-17 12:03 - 2016-09-17 12:04 - 01198288 ____C (Adobe Systems Incorporated) C:\Users\User\Downloads\flashplayer23pp_da_install.exe
2016-09-17 10:28 - 2016-09-17 23:19 - 00003032 ____C C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-17 10:22 - 2016-09-17 10:22 - 02405040 ____C (Kaspersky Lab) C:\Users\User\Downloads\startup.exe
2016-09-17 10:22 - 2016-09-17 10:22 - 00000000 ___DC C:\ProgramData\Kaspersky Lab Setup Files
2016-09-17 04:15 - 2016-09-17 04:15 - 00001374 ____C C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-09-17 04:15 - 2016-09-17 04:15 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-09-17 04:14 - 2016-09-17 04:14 - 00002083 ____C C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-09-17 04:14 - 2016-09-17 04:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-09-17 04:14 - 2013-05-06 08:13 - 00110176 ____C (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-09-17 04:13 - 2016-09-18 20:03 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2016-09-17 04:13 - 2016-09-17 10:44 - 01027984 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-09-17 04:13 - 2016-09-17 04:15 - 00000000 ___DC C:\Program Files (x86)\Kaspersky Lab
2016-09-17 04:13 - 2016-09-17 04:13 - 00000000 ___DC C:\Windows\ELAMBKUP
2016-09-17 04:13 - 2016-06-26 15:10 - 00189264 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-09-17 04:03 - 2016-09-17 04:03 - 00000000 ___HC C:\asc_rdflag
2016-09-17 04:00 - 2016-09-17 04:00 - 02596896 ____C (Kaspersky Lab) C:\Users\User\Downloads\kav17.0.0.611en_10738.exe
2016-09-16 22:22 - 2016-09-16 22:22 - 00002600 ____C C:\Users\User\Documents\mbam-log-2016-09-16 (21-27-30).xml
2016-09-16 21:14 - 2016-09-16 22:50 - 00000244 ____C C:\Users\User\Documents\00EvonyChestsWhatisinthem.txt
2016-09-16 19:18 - 2016-09-16 19:18 - 00032056 ____C C:\Users\User\Documents\cc_20160916_191836.reg
2016-09-16 19:09 - 2016-09-16 19:14 - 00000000 ___DC C:\Program Files\CCleaner
2016-09-16 19:09 - 2016-09-16 19:09 - 00002786 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-16 19:09 - 2016-09-16 19:09 - 00000822 ____C C:\Users\Public\Desktop\CCleaner.lnk
2016-09-16 19:09 - 2016-09-16 19:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-16 17:24 - 2016-09-16 18:06 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-16 17:24 - 2016-09-16 18:06 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-16 17:24 - 2016-09-16 18:06 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-16 17:24 - 2016-09-16 18:06 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-16 17:24 - 2016-09-16 18:06 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-16 17:24 - 2016-09-16 18:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-16 17:24 - 2016-09-16 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-16 17:24 - 2016-09-16 18:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-16 17:24 - 2016-09-16 18:05 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-16 17:24 - 2016-09-16 18:05 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-16 17:24 - 2016-09-16 18:05 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-16 17:24 - 2016-09-16 18:05 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-16 17:24 - 2016-09-16 18:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-16 17:23 - 2016-09-16 18:06 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-16 17:23 - 2016-09-16 18:06 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-16 17:23 - 2016-09-16 18:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-16 17:23 - 2016-09-16 18:05 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-16 17:23 - 2016-09-16 18:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-16 17:23 - 2016-09-16 18:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-16 17:23 - 2016-09-16 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-16 17:16 - 2016-09-16 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-16 17:16 - 2016-09-16 18:03 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-16 17:16 - 2016-09-16 18:03 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-16 17:16 - 2016-09-16 18:03 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-16 17:16 - 2016-09-16 18:02 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-16 17:16 - 2016-09-16 18:02 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-16 17:16 - 2016-09-16 18:02 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-16 17:16 - 2016-09-16 18:02 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-16 17:16 - 2016-09-16 18:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-16 17:16 - 2016-09-16 18:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-16 17:15 - 2016-09-16 18:11 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-16 17:15 - 2016-09-16 18:11 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-16 17:15 - 2016-09-16 18:11 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-16 17:15 - 2016-09-16 18:03 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-16 17:15 - 2016-09-16 18:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-16 17:15 - 2016-09-16 18:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-16 17:15 - 2016-09-16 18:03 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-16 17:15 - 2016-09-16 18:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-16 17:15 - 2016-09-16 18:02 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-16 17:15 - 2016-09-16 18:02 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-16 17:15 - 2016-09-16 18:02 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-16 17:15 - 2016-09-16 18:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-16 17:15 - 2016-09-16 18:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-16 17:15 - 2016-09-16 18:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-16 17:15 - 2016-09-16 17:56 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-16 17:15 - 2016-09-16 17:56 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-16 17:15 - 2016-09-16 17:56 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-16 17:10 - 2016-09-16 17:48 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-16 17:10 - 2016-09-16 17:48 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-16 14:27 - 2016-09-17 13:11 - 00000000 ___DC C:\ProgramData\SupremoRemoteDesktop
2016-09-15 18:07 - 2016-09-16 05:34 - 00000289 ____C C:\Users\User\Documents\000AcctsWhatToDo.txt
2016-09-15 10:23 - 2016-09-16 17:47 - 00000286 ____C C:\Users\User\Documents\000TomsEligibility appointment.txt
2016-09-14 20:49 - 2016-09-14 20:49 - 00000553 ____C C:\Users\User\Documents\000NOOBAccounts.txt
2016-09-12 09:55 - 2016-09-12 09:55 - 00000012 ____C C:\Users\User\Documents\000Stufftodo.txt
2016-09-12 07:49 - 2016-09-14 08:20 - 00000000 ___DC C:\Users\User\Desktop\FactionAccounts
2016-09-12 02:00 - 2016-09-12 02:00 - 01198288 ____C (Adobe Systems Incorporated) C:\Users\User\Downloads\flashplayer22pp_fa_install.exe
2016-09-11 13:38 - 2016-09-11 13:38 - 00000095 ____C C:\Users\User\Documents\00Jizzabellescities.txt
2016-09-08 19:15 - 2016-09-08 19:15 - 00001714 ____C C:\Users\User\Desktop\0Donnapaystub20161.lnk
2016-09-07 20:17 - 2016-09-07 20:17 - 00002600 ____C C:\Users\User\Documents\mbam-log-2016-09-07 (19-52-14).xml
2016-09-07 13:17 - 2016-09-07 13:17 - 00000105 ____C C:\Users\User\Downloads\00RENT.txt
2016-09-07 04:03 - 2016-09-07 04:06 - 39880728 ____C (Opera Software) C:\Users\User\Downloads\Opera_Stable_v39.0.2256.71.exe
2016-09-07 03:58 - 2016-09-07 03:58 - 00001207 ____C C:\Users\User\Documents\00Meekmangoals2.txt
2016-09-07 03:57 - 2016-09-07 03:57 - 00001258 ____C C:\Users\User\Documents\00MeekManGoals1.txt
2016-09-07 03:53 - 2016-09-07 03:55 - 16407160 ____C C:\Users\User\Downloads\Glary_Utilities_v5.59.0.80.exe
2016-09-06 01:30 - 2016-09-06 01:30 - 00231760 ____C C:\Users\User\Downloads\CrucialScan(2).exe
2016-09-04 12:14 - 2016-09-15 20:26 - 00000568 ____C C:\Users\User\Documents\0000TomsmedstransferIMPORTANT.txt
2016-09-03 21:45 - 2016-09-18 12:35 - 00000000 ___DC C:\Users\User\AppData\Roaming\Skype
2016-09-03 21:44 - 2016-09-03 21:44 - 00002697 ____C C:\Users\Public\Desktop\Skype.lnk
2016-09-03 21:44 - 2016-09-03 21:44 - 00000000 ___DC C:\ProgramData\Skype
2016-09-03 21:44 - 2016-09-03 21:44 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-03 21:36 - 2016-09-03 21:38 - 41070592 ____C C:\Users\User\Downloads\Skype_v7.27.0.101.msi
2016-09-03 21:24 - 2016-09-03 21:28 - 63109184 ____C (Oracle Corporation) C:\Users\User\Downloads\Java_Runtime_Environment_(64bit)_v8_Update_102 (1).exe
2016-09-03 21:23 - 2016-09-03 21:23 - 00000025 ____C C:\Users\User\Documents\PharmacyMedsCoupons.txt
2016-09-03 13:29 - 2016-09-03 13:29 - 00001207 ____C C:\Users\User\Documents\PET_Brook_goals.txt
2016-08-31 18:28 - 2016-08-31 18:31 - 63109184 ____C (Oracle Corporation) C:\Users\User\Downloads\Java_Runtime_Environment_(64bit)_v8_Update_102.exe
2016-08-31 18:24 - 2016-08-31 18:26 - 16377616 ____C C:\Users\User\Downloads\Glary_Utilities_v5.58.0.79.exe
2016-08-31 18:19 - 2016-08-31 18:21 - 45964136 ____C (IObit ) C:\Users\User\Downloads\Advanced_SystemCare_v9.4.0.1131.exe
2016-08-25 06:48 - 2016-08-25 06:48 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-08-24 00:19 - 2016-08-24 00:19 - 00231760 ____C C:\Users\User\Downloads\CrucialScan (5).exe
2016-08-20 13:09 - 2016-09-01 22:46 - 00002855 ____C C:\Users\User\Documents\00911NOWISTHETIME.txt
2016-08-19 16:44 - 2016-08-19 16:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-19 16:44 - 2016-08-19 16:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 20:05 - 2015-08-07 22:30 - 00019343 ____C C:\Users\User\Downloads\FRST.txt
2016-09-18 20:05 - 2015-08-07 22:29 - 00000000 ___DC C:\FRST
2016-09-18 20:03 - 2016-05-24 19:59 - 00002870 ____C C:\Windows\System32\Tasks\Driver Booster SkipUAC (User)
2016-09-18 20:02 - 2014-07-13 18:17 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-18 20:00 - 2015-04-15 17:05 - 00000000 ___DC C:\Program Files (x86)\IObit
2016-09-18 20:00 - 2009-07-14 01:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-09-18 19:58 - 2015-08-08 17:45 - 00000000 ___DC C:\AdwCleaner
2016-09-18 19:58 - 2014-08-30 13:36 - 00000322 ____C C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-09-18 19:58 - 2009-07-14 00:45 - 00027424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-18 19:58 - 2009-07-14 00:45 - 00027424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-18 19:52 - 2015-02-11 20:07 - 00000000 ___DC C:\Users\User\AppData\Roaming\GlarySoft
2016-09-18 19:51 - 2015-04-15 17:08 - 00002900 ____C C:\Windows\System32\Tasks\Uninstaller_SkipUac_User
2016-09-18 17:10 - 2016-05-28 11:46 - 00000000 ___DC C:\Users\User\Desktop\robov1.38
2016-09-18 01:00 - 2009-07-13 23:20 - 00000000 ___DC C:\Windows\inf
2016-09-17 23:03 - 2015-04-15 17:05 - 00000000 ___DC C:\ProgramData\IObit
2016-09-17 19:41 - 2016-06-12 12:54 - 00000892 ____C C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-17 14:37 - 2016-06-05 18:42 - 00000000 ___DC C:\Users\User\AppData\Roaming\Opera Software
2016-09-17 14:37 - 2016-06-05 18:42 - 00000000 ___DC C:\Users\User\AppData\Local\Opera Software
2016-09-17 12:05 - 2016-06-12 12:54 - 00003882 ____C C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-17 12:05 - 2014-07-13 18:17 - 00796352 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-17 12:05 - 2014-07-13 18:17 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-17 12:05 - 2014-07-13 18:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-17 12:05 - 2014-07-13 18:17 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2016-09-17 12:05 - 2014-07-13 18:17 - 00000000 ___DC C:\Windows\system32\Macromed
2016-09-17 12:05 - 2014-05-22 13:18 - 00000000 ___DC C:\Users\User\AppData\Local\Adobe
2016-09-17 10:44 - 2016-06-20 17:29 - 00050008 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-09-17 10:44 - 2016-06-02 22:39 - 00126360 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-09-17 10:40 - 2016-06-20 17:51 - 00305496 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-09-17 10:28 - 2015-06-23 09:09 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-09-17 04:03 - 2016-08-14 03:10 - 44220416 ____C C:\Windows\system32\config\components.iodefrag.bak
2016-09-17 04:03 - 2016-04-28 17:21 - 91701248 _____ C:\Windows\system32\config\software.iodefrag.bak
2016-09-17 04:03 - 2016-04-28 17:21 - 05013504 _____ C:\Windows\system32\config\default.iodefrag.bak
2016-09-17 04:03 - 2016-04-28 17:21 - 00061440 _____ C:\Windows\system32\config\sam.iodefrag.bak
2016-09-17 04:03 - 2016-04-28 17:21 - 00024576 _____ C:\Windows\system32\config\security.iodefrag.bak
2016-09-17 04:02 - 2015-07-08 02:30 - 00001945 ____C C:\Windows\epplauncher.mif
2016-09-17 00:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-09-16 21:28 - 2016-08-06 11:25 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-16 18:31 - 2009-07-13 23:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-09-16 18:23 - 2009-07-14 01:13 - 00781790 ____C C:\Windows\system32\PerfStringBackup.INI
2016-09-16 18:15 - 2014-05-23 18:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-09-16 18:15 - 2014-05-23 18:55 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-09-16 18:15 - 2009-07-14 00:45 - 00419704 ____C C:\Windows\system32\FNTCACHE.DAT
2016-09-16 17:56 - 2014-05-23 18:55 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-16 17:48 - 2014-05-22 10:03 - 00000000 ___DC C:\Windows\system32\MRT
2016-09-16 17:26 - 2014-05-22 10:03 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-15 02:18 - 2015-04-15 17:08 - 00000000 ___DC C:\ProgramData\ProductData
2016-09-14 23:00 - 2015-04-23 13:18 - 00002183 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-14 23:00 - 2014-05-22 13:20 - 00002195 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 07:07 - 2014-12-13 22:14 - 00000000 ___DC C:\Windows\Minidump
2016-09-14 06:49 - 2015-04-15 17:05 - 00000000 ___DC C:\Users\User\AppData\Roaming\IObit
2016-09-12 07:44 - 2016-07-23 19:20 - 00000461 ____C C:\Users\User\Documents\00EvonyMTGarrisonArchersHowmanyCitys.txt
2016-09-12 03:08 - 2016-05-16 18:15 - 00000661 ____C C:\Users\User\Documents\000Evonynowwwww.txt
2016-09-12 01:53 - 2009-07-13 22:34 - 00453266 ___RC C:\Windows\system32\Drivers\etc\hosts.20160917-231039.backup
2016-09-04 10:30 - 2014-10-27 09:11 - 00000000 ___DC C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-09-03 21:44 - 2014-09-08 20:58 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-09-03 21:31 - 2016-06-04 18:57 - 00000000 ___DC C:\Program Files\Java
2016-09-03 21:31 - 2016-05-27 23:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-03 21:30 - 2015-02-11 20:22 - 00000000 ___DC C:\Program Files (x86)\Java
2016-09-03 21:29 - 2016-06-04 18:58 - 00110144 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-08-22 22:02 - 2014-07-13 18:14 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-05-23 19:08 - 2014-11-17 01:08 - 0000129 ____C () C:\Users\User\AppData\Roaming\WB.CFG
2015-05-31 14:17 - 2015-05-31 14:17 - 0003584 ____C () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-04 14:06 - 2014-08-04 14:06 - 0000057 ____C () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\Opera_installer_20169171930961.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-17 00:28

==================== End of FRST.txt ============================

Then Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by User (18-09-2016 20:07:36)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-22 13:20:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3259328756-1958504469-239463446-500 - Administrator - Disabled)
Guest (S-1-5-21-3259328756-1958504469-239463446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3259328756-1958504469-239463446-1002 - Limited - Enabled)
User (S-1-5-21-3259328756-1958504469-239463446-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Infinite HD™ App (HKU\S-1-5-21-3259328756-1958504469-239463446-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x64 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.2.0 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Superb Game Boost 3.0 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.0 - )
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Unity Web Player (HKU\S-1-5-21-3259328756-1958504469-239463446-1000\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EABDA0D-3257-4EA8-B37E-C5261CCF27DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0FC1FFEC-D191-4C5A-B91C-C9AB2D7D3585} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-08-30] ()
Task: {0FF6C55F-BEBE-4FC5-BA6E-F8C60CF70FB7} - \IE_ERR4WDR -> No File <==== ATTENTION
Task: {1613119A-0BBC-4B62-A8DB-E0AE8D2DB0A7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-14] (IObit)
Task: {1C219EC8-E2C7-4769-89E9-87BD03ABEBB9} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {2E9431B0-D784-41F9-ABCF-93AF09508F66} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {54CF3B5E-A61E-45D2-9E8B-897FC3E8D2CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {5B311623-25FC-4586-A2E8-05832B822ECC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {6E5E19C7-3B2A-4B1A-B9B9-EF3726AB6AD4} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {9748296E-8DDF-469C-AD41-0AD9DE8E89F0} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-07-27] (IObit)
Task: {9B00343B-6A4E-4D20-8003-C31CA75238F0} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-05-22] ()
Task: {A54F9722-31A5-40E2-A043-FDCDD55AC8D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A634F84D-9C6C-46D5-8378-F0035DC85FF9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-17] (Adobe Systems Incorporated)
Task: {A99C1ACA-7235-4F21-BC0A-52CA97816DDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B736F06F-0432-4951-BD97-7ECB228327B1} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-05-12] (SuperBoost Software)
Task: {B7C50331-1001-4636-BAA7-D2C23D68D6BB} - System32\Tasks\Driver Booster SkipUAC (User) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-18] (IObit)
Task: {BC68E9C8-8D0A-4100-AAE9-C2898330BACF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C054F7CE-E51A-4FEC-B594-96EFDC7DEF0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E623D53C-6AD9-45E8-A8D5-B18BA057F1C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-17] (Adobe Systems Incorporated)
Task: {F309BD2B-EAB6-43BE-9A07-1318AAD792D6} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {F37467B8-1CFC-4CEC-9F70-BB7AF2804393} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {F6BE0297-F2D1-4E69-BDCF-4DE148E354C1} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {F8A80F61-3B96-4316-A0CF-27A2324F4B87} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 ____C () C:\Program Files\CCleaner\branding.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 ____C () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2016-08-06 17:18 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-06 17:18 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-06 17:18 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-06 17:18 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-08-06 17:18 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-04-17 14:38 - 2016-01-11 17:03 - 00899872 ____C () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-04-17 14:38 - 2016-01-11 17:02 - 00630048 ____C () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2016-08-04 16:16 - 2016-03-28 16:46 - 00130880 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\Temperature.dll
2016-08-04 16:16 - 2016-02-02 09:53 - 00629056 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\SgbStatistics.dll
2016-08-04 16:16 - 2016-05-10 14:08 - 00829760 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_IG.dll
2016-08-04 16:16 - 2016-01-29 18:03 - 00337216 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\taskMgr.dll
2016-08-04 16:16 - 2016-05-10 14:08 - 00510272 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\GA_ID.dll
2016-08-04 16:16 - 2016-01-29 15:21 - 00276800 ____C () C:\Program Files (x86)\SuperBoost\Superb Game Boost\D3DX8Wrapper.dll
2016-08-04 16:16 - 2016-05-10 14:08 - 01214272 ____C () c:\program files (x86)\superboost\superb game boost\GA_CheackDx.dll
2016-05-17 20:11 - 2015-12-23 18:32 - 00190240 ____C () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-05-17 20:11 - 2015-12-23 18:32 - 00057632 ____C () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7914 more sites.


There are 11452 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-09-17 23:10 - 00453266 ___RC C:\Windows\system32\Drivers\etc\hosts


There are 15553 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3259328756-1958504469-239463446-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81285807-2870-475E-99E8-E7BD17383BE2}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{EF5B7B96-09E8-4DDC-A15E-D265293D45A4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E46B281-2A96-461A-BA01-955EFA3BFE24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5E7588F7-7AED-4121-B450-AF2240634030}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CDD13934-1C54-406D-924D-74385DC2EBA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{94891D62-75D4-4017-8E58-D0AE5D89FD11}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{69DB649C-46D1-4CFB-BDCC-FA64C043A10C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{45124CD0-43EB-4950-80F9-309F3A5236DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C40284A1-5003-4023-B884-37E4D561D08A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8454682C-D4FF-4BE1-81AD-48D4A6BE6589}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{384BAA55-06B1-4648-8DAC-EBFBAAF20098}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{1D28E78A-0E00-49C9-B6E4-4C8419C1D722}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2C74944B-D54C-44F3-8C63-4491B54B141A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2C40378D-0A5C-4009-8B76-580D92EC0588}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{77B5A62E-D241-4853-950A-50EC1EBDE94C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{DD1D02C2-615D-403A-9551-F90F3DC1B70A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4A430CC0-3E53-4F03-913F-AF9E84D76C2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

17-09-2016 14:36:53 Opera Stable 39.0.2256.71 restore point
17-09-2016 20:59:27 Advanced SystemCare 9 restore point
18-09-2016 19:50:08 IObit Malware Fighter 4 restore point
18-09-2016 19:51:30 Glary Utilities 5.59 restore point
18-09-2016 19:52:55 IObit Malware Fighter 4 restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2016 08:01:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/18/2016 08:00:28 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (09/17/2016 11:03:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 11:03:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (09/17/2016 01:32:53 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (09/17/2016 01:32:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 01:11:41 PM) (Source: SupremoSystem.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/17/2016 04:05:27 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/17/2016 04:05:27 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/17/2016 04:05:27 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/18/2016 08:03:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
The specified module could not be found.

Error: (09/18/2016 07:59:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/18/2016 07:58:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/18/2016 07:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/18/2016 07:53:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMF Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 35%
Total physical RAM: 8052.61 MB
Available physical RAM: 5161.12 MB
Total Virtual: 16103.4 MB
Available Virtual: 13012.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:247.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5D2967B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And finally CKfiles.txt
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.AA.11.AAAPMZ
----- EOF -----


Thanks for responding and I will wait to hear from you

Glary Utilities, Spybot, Iobit Malware fighter/ Iobit Uninstaller all gone now.....
Tdoggy187 is offline  
Old 09-19-2016, 10:00 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    antiwat.dll
    freewat.dll
    by-pass.dll
    antiwpa.dll
    wpa.dll
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-19-2016, 11:58 AM   #6
Registered Member
 
Tdoggy187's Avatar
 
Join Date: Feb 2010
Location: NC
Posts: 253
OS: Windows 7



SystemLook 30.07.11 by jpshortstuff
Log created at 14:55 on 19/09/2016 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "antiwat.dll"
No files found.

Searching for "freewat.dll"
No files found.

Searching for "by-pass.dll"
No files found.

Searching for "antiwpa.dll"
No files found.

Searching for "wpa.dll"
No files found.

-= EOF =-
Tdoggy187 is offline  
Old 09-19-2016, 12:52 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You know your copy of Windows is illegal, right?
chemist is offline  
Old 09-19-2016, 02:16 PM   #8
Registered Member
 
Tdoggy187's Avatar
 
Join Date: Feb 2010
Location: NC
Posts: 253
OS: Windows 7



Yeah, unfortunately I found this out almost a year and a half after purchasing this machine from someone ;-( How this happens I have no idea? Now I get constant pop ups reminding me it is an illegal copy. I will be purchasing a legal copy when I have the extra cash. Some people...
Tdoggy187 is offline  
Old 09-19-2016, 06:15 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As you should have read in our pre-posting thread:

IMPORTANT - Read This Before Posting For Malware Removal Help

*It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

This thread shall now be closed.

------------------------------------------------------
chemist is offline  
 
