PUPs and viruses problem

This is a discussion on PUPs and viruses problem within the Resolved HJT Threads forums, part of the Tech Support Forum category.


09-13-2015, 12:35 PM   #1
Registered Member
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hi there,

I would be grateful for some help with this problem. My partner tried to download Firefox from what turned out to be a dodgy site and this computer got infected. After running McAfee and Malwarebytes on it he kept finding new viruses and PUPs.

We don't have a Windows install disk as the computer came with Windows 7 already installed. I ran RSIT on it as DDS found problems with a script blocker and I couldn't figure out how to stop it.

Thanks for all your help.

Fabiana



Logfile of random's system information tool 1.10 (written by random/random)
Run by Leslie at 2015-09-13 19:04:48
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 31 GB (13%) free of 232 GB
Total RAM: 24574 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:55, on 13/09/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Leslie\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Leslie\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Leslie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ArchVision Dashboard] C:\Program Files (x86)\ArchVision\Dashboard\Dashboard.exe /StartMinimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: NETGEAR A6210 Genie.lnk = C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: https://*.webcompanion.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: McAfee Application Installer Cleanup (0270371442166664) (0270371442166664mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\027037~1.EXE
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McNeel Update Service 5.0 (McNeelUpdate) - Robert McNeel & Associates - c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: NetgearSwitchUSB - Unknown owner - C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12735 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\extensions\
[email protected]
C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\searchplugins\
bing.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-04-23 1314816]
"ADSKAppManager"=C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [2015-09-07 523144]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-08-14 39175960]
"ArchVision Dashboard"=C:\Program Files (x86)\ArchVision\Dashboard\Dashboard.exe [2015-06-11 2520936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04 597552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2015-01-27 1310088]
"Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
NETGEAR A6210 Genie.lnk - C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McNaiAnn]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfeaack]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfeaack.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfeavfk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfeavfk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfemms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfencbdc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfencbdc.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfetdi2k]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfetdi2k.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2015-09-13 19:04:48 ----D---- C:\rsit
2015-09-13 19:04:48 ----D---- C:\Program Files (x86)\trend micro
2015-09-13 18:50:31 ----D---- C:\Users\Leslie\AppData\Roaming\Sun
2015-08-30 06:54:25 ----D---- C:\Program Files (x86)\Common Files\Java
2015-08-30 06:53:07 ----D---- C:\Program Files (x86)\Common Files\Skype
2015-08-25 20:36:18 ----D---- C:\Users\Leslie\AppData\Roaming\ProductData
2015-08-25 20:36:10 ----D---- C:\ProgramData\ProductData
2015-08-25 15:01:07 ----A---- C:\Windows\ntbtlog.txt
2015-08-25 11:09:43 ----D---- C:\ProgramData\HitmanPro
2015-08-25 10:32:23 ----D---- C:\ProgramData\Malwarebytes
2015-08-25 10:32:23 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-25 10:16:53 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-25 10:16:50 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-08-25 09:39:08 ----A---- C:\Windows\_MSRSTRT.EXE
2015-08-25 07:53:32 ----D---- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2015-08-25 07:53:28 ----D---- C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2015-08-25 07:53:27 ----D---- C:\Program Files (x86)\Common Files\IObit
2015-08-25 07:51:22 ----D---- C:\Users\Leslie\AppData\Roaming\Apple Computer
2015-08-25 07:51:13 ----D---- C:\ProgramData\IObit
2015-08-25 07:51:09 ----D---- C:\Users\Leslie\AppData\Roaming\IObit
2015-08-25 07:51:03 ----D---- C:\Program Files (x86)\IObit
2015-08-25 07:02:17 ----D---- C:\AdwCleaner
2015-08-24 16:32:22 ----D---- C:\Program Files (x86)\McAfee.com
2015-08-24 16:31:36 ----D---- C:\Program Files (x86)\McAfee
2015-08-24 16:22:46 ----D---- C:\Program Files (x86)\Common Files\McAfee
2015-08-24 16:22:29 ----D---- C:\ProgramData\McAfee
2015-08-24 15:03:35 ----D---- C:\ProgramData\LocalStorage
2015-08-24 14:19:55 ----D---- C:\ProgramData\PlayGemConfig
2015-08-24 14:19:06 ----D---- C:\Users\Leslie\AppData\Roaming\Opera Software
2015-08-24 14:17:05 ----D---- C:\ProgramData\MSNetCore
2015-08-24 14:05:15 ----D---- C:\ppsfile
2015-08-24 08:42:53 ----D---- C:\NVIDIA
2015-08-24 08:40:30 ----D---- C:\Users\Leslie\AppData\Roaming\McNeel
2015-08-24 08:15:51 ----A---- C:\Windows\SysWOW64\drivers\fiusvhm381.dat
2015-08-24 08:15:51 ----A---- C:\Windows\SysWOW64\drivers\diusvhm262.dat
2015-08-24 08:15:51 ----A---- C:\Windows\i_oirotq582.ini
2015-08-24 08:15:51 ----A---- C:\Windows\d_oirotq229.ini
2015-08-24 08:15:48 ----D---- C:\ProgramData\McNeel
2015-08-24 08:15:48 ----D---- C:\Program Files (x86)\McNeelUpdate
2015-08-24 08:15:38 ----D---- C:\Program Files (x86)\Common Files\McNeel Shared
2015-08-24 08:15:37 ----D---- C:\Program Files (x86)\Rhinoceros 5
2015-08-24 07:21:13 ----D---- C:\Users\Leslie\AppData\Roaming\Mozilla
2015-08-24 07:20:28 ----A---- C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-24 07:20:26 ----A---- C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-08-19 08:30:07 ----A---- C:\Windows\SysWOW64\mshtml.dll
2015-08-13 01:53:23 ----A---- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:54:35 ----A---- C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 19:54:35 ----A---- C:\Windows\SysWOW64\mstscax.dll
2015-08-12 19:54:34 ----A---- C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 19:54:32 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 19:54:31 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 19:54:31 ----A---- C:\Windows\SysWOW64\ntdll.dll
2015-08-12 19:54:31 ----A---- C:\Windows\SysWOW64\kernel32.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\wdigest.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\schannel.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 19:54:30 ----A---- C:\Windows\SysWOW64\kerberos.dll
2015-08-12 19:54:29 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 19:54:29 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\wow32.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\sspicli.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\srclient.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\setup16.exe
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\secur32.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\credssp.dll
2015-08-12 19:54:29 ----A---- C:\Windows\SysWOW64\auditpol.exe
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 19:54:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 19:54:28 ----A---- C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 19:54:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 19:54:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 19:54:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 19:54:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 19:54:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 19:54:27 ----A---- C:\Windows\SysWOW64\user.exe
2015-08-12 19:54:27 ----A---- C:\Windows\SysWOW64\msobjs.dll
2015-08-12 19:54:27 ----A---- C:\Windows\SysWOW64\msaudite.dll
2015-08-12 19:54:27 ----A---- C:\Windows\SysWOW64\instnm.exe
2015-08-12 19:54:27 ----A---- C:\Windows\SysWOW64\adtschema.dll
2015-08-12 19:54:11 ----A---- C:\Windows\SysWOW64\iernonce.dll
2015-08-12 19:54:11 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 19:54:10 ----A---- C:\Windows\SysWOW64\urlmon.dll
2015-08-12 19:54:10 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 19:54:10 ----A---- C:\Windows\SysWOW64\iertutil.dll
2015-08-12 19:54:10 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 19:54:09 ----A---- C:\Windows\SysWOW64\vbscript.dll
2015-08-12 19:54:09 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 19:54:09 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 19:54:09 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 19:54:08 ----A---- C:\Windows\SysWOW64\iesetup.dll
2015-08-12 19:54:08 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\jscript.dll
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\ieui.dll
2015-08-12 19:54:07 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 19:54:06 ----A---- C:\Windows\SysWOW64\ieframe.dll
2015-08-12 19:54:05 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 19:54:05 ----A---- C:\Windows\SysWOW64\jscript9.dll
2015-08-12 19:54:04 ----A---- C:\Windows\SysWOW64\wininet.dll
2015-08-12 19:54:04 ----A---- C:\Windows\SysWOW64\msrating.dll
2015-08-12 19:54:04 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 19:53:38 ----A---- C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 19:53:38 ----A---- C:\Windows\SysWOW64\davclnt.dll
2015-08-12 19:53:37 ----A---- C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 19:53:37 ----A---- C:\Windows\SysWOW64\msxml6.dll
2015-08-12 19:53:37 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 19:53:37 ----A---- C:\Windows\SysWOW64\msxml3.dll
2015-08-12 19:53:36 ----A---- C:\Windows\SysWOW64\DWrite.dll
2015-08-12 19:53:36 ----A---- C:\Windows\SysWOW64\atmfd.dll
2015-08-12 19:53:35 ----A---- C:\Windows\SysWOW64\lpk.dll
2015-08-12 19:53:35 ----A---- C:\Windows\SysWOW64\fontsub.dll
2015-08-12 19:53:35 ----A---- C:\Windows\SysWOW64\dciman32.dll
2015-08-12 19:53:35 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 19:53:35 ----A---- C:\Windows\SysWOW64\atmlib.dll
2015-08-12 19:53:34 ----A---- C:\Windows\SysWOW64\notepad.exe
2015-08-12 19:53:34 ----A---- C:\Windows\notepad.exe
2015-08-12 19:53:33 ----A---- C:\Windows\SysWOW64\shell32.dll
2015-08-12 19:53:32 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 19:53:32 ----A---- C:\Windows\SysWOW64\wuapi.dll
2015-08-12 19:53:31 ----A---- C:\Windows\SysWOW64\wups.dll
2015-08-12 19:53:31 ----A---- C:\Windows\SysWOW64\wudriver.dll
2015-08-12 19:53:31 ----A---- C:\Windows\SysWOW64\wuapp.exe
2015-08-02 09:42:01 ----D---- C:\Temp
2015-08-02 09:39:27 ----D---- C:\RPC
2015-08-02 09:39:27 ----D---- C:\ProgramData\ArchVision
2015-08-02 09:39:27 ----D---- C:\Program Files (x86)\ArchVision
2015-07-29 1413 ----D---- C:\Revit Library
2015-07-23 09:55:08 ----D---- C:\Users\Leslie\AppData\Roaming\Dropbox
2015-07-23 09:54:39 ----D---- C:\Program Files (x86)\Dropbox
2015-07-23 09:54:34 ----D---- C:\ProgramData\Dropbox
2015-07-18 14:42:53 ----D---- C:\Users\Leslie\AppData\Roaming\WinRAR
2015-07-18 00:33:19 ----D---- C:\Downloads
2015-07-18 00:26:29 ----D---- C:\Program Files (x86)\RevitStr2k15
2015-07-18 00:07:15 ----D---- C:\Program Files (x86)\Google
2015-07-18 0058 ----D---- C:\Program Files (x86)\FlashGet
2015-07-16 13:55:28 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2015-07-16 13:55:27 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2015-07-16 13:55:25 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2015-07-16 13:55:25 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-16 13:55:25 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-16 13:55:22 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-15 19:49:55 ----D---- C:\Users\Leslie\AppData\Roaming\OpenOffice
2015-07-15 18:49:35 ----A---- C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 18:48:15 ----A---- C:\Windows\SysWOW64\InkEd.dll
2015-07-15 18:47:54 ----A---- C:\Windows\SysWOW64\gdi32.dll
2015-07-15 18:13:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2015-07-15 17:39:31 ----A---- C:\Windows\SysWOW64\comctl32.dll
2015-07-15 17:39:28 ----A---- C:\Windows\SysWOW64\ole32.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\wintrust.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\crypt32.dll
2015-07-15 17:39:21 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msimsg.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msihnd.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msiexec.exe
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msi.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\authui.dll
2015-07-15 17:38:51 ----A---- C:\Windows\SysWOW64\certcli.dll
2015-07-15 17:38:46 ----A---- C:\Windows\SysWOW64\wmp.dll
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\spwmp.dll
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 17:38:39 ----A---- C:\Windows\SysWOW64\tracerpt.exe
2015-07-15 17:38:39 ----A---- C:\Windows\SysWOW64\advapi32.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\tdh.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\sechost.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\logman.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\typeperf.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\relog.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\diskperf.exe
2015-07-15 16:07:58 ----D---- C:\ProgramData\Samsung
2015-07-15 16:07:58 ----A---- C:\Autoconfig.ini
2015-07-15 13:43:38 ----D---- C:\ProgramData\Ralink
2015-07-15 13:40:40 ----D---- C:\Program Files (x86)\NETGEAR
2015-07-15 13:40:34 ----D---- C:\ProgramData\NETGEAR
2015-07-14 22:09:48 ----D---- C:\Windows\Downloaded Installations
2015-07-14 21:31:24 ----D---- C:\Microstation
2015-07-14 21:17:41 ----D---- C:\$Projects
2015-07-14 17:57:20 ----D---- C:\Users\Leslie\AppData\Roaming\Macromedia
2015-07-14 17:52:30 ----D---- C:\Program Files (x86)\Autodesk
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\Microsoft Office
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\AnswerWorks 4.0
2015-07-14 17:51:38 ----D---- C:\Program Files (x86)\Common Files\Designer
2015-07-14 17:51:20 ----D---- C:\Program Files (x86)\AutoCAD 2005
2015-07-14 17:46:26 ----D---- C:\AutoCAD
2015-07-14 17:04:02 ----D---- C:\Users\Leslie\AppData\Roaming\Navisworks 2015
2015-07-14 17:04:02 ----D---- C:\Users\Leslie\AppData\Roaming\Autodesk Navisworks Manage 2015
2015-07-14 17:04:02 ----D---- C:\ProgramData\Autodesk Navisworks Manage 2015
2015-07-14 17:02:48 ----D---- C:\ProgramData\FARO
2015-07-14 16:57:21 ----D---- C:\Program Files (x86)\Microsoft WSE
2015-07-14 16:56:28 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-14 16:56:28 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-14 16:46:54 ----D---- C:\Autodesk
2015-07-14 16:35:25 ----D---- C:\Drivers
2015-07-14 16:32:43 ----D---- C:\ProgramData\FLEXnet
2015-07-14 16:21:47 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
2015-07-14 16:20:57 ----D---- C:\ProgramData\Package Cache
2015-07-14 16:18:58 ----D---- C:\Users\Leslie\AppData\Roaming\Autodesk
2015-07-14 16:18:58 ----D---- C:\ProgramData\Autodesk
2015-07-14 15:56:29 ----D---- C:\Users\Leslie\AppData\Roaming\Adobe
2015-07-14 15:56:00 ----D---- C:\Users\Leslie\AppData\Roaming\Identities
2015-07-14 15:55:57 ----SD---- C:\Users\Leslie\AppData\Roaming\Microsoft
2015-07-14 15:55:57 ----D---- C:\Users\Leslie\AppData\Roaming\Media Center Programs
======List of files/folders modified in the last 2 months======
2015-09-13 19:04:50 ----D---- C:\Windows\Temp
2015-09-13 19:04:48 ----RD---- C:\Program Files (x86)
2015-09-13 18:54:31 ----D---- C:\Windows\System32
2015-09-13 18:54:31 ----D---- C:\Windows\inf
2015-09-13 18:47:48 ----HD---- C:\ProgramData
2015-09-13 18:45:17 ----D---- C:\ProgramData\NVIDIA
2015-09-05 21:45:42 ----D---- C:\Windows\Microsoft.NET
2015-09-05 12:52:02 ----SHD---- C:\Windows\Installer
2015-09-05 12:51:52 ----D---- C:\ProgramData\Skype
2015-09-05 12:50:51 ----SHD---- C:\System Volume Information
2015-09-05 12:12:58 ----RSD---- C:\Windows\assembly
2015-08-30 06:54:25 ----D---- C:\Program Files (x86)\Common Files
2015-08-30 06:53:58 ----D---- C:\Windows\SysWOW64
2015-08-30 06:53:54 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 06:53:45 ----D---- C:\Program Files (x86)\Java
2015-08-30 06:53:07 ----RD---- C:\Program Files (x86)\Skype
2015-08-25 15:01:07 ----D---- C:\Windows
2015-08-25 11:10:21 ----RD---- C:\Program Files
2015-08-25 10:58:56 ----HD---- C:\$Windows.~BT
2015-08-25 10:48:08 ----D---- C:\Windows\Panther
2015-08-25 07:53:59 ----D---- C:\Windows\Tasks
2015-08-24 20:00:00 ----D---- C:\Windows\AppPatch
2015-08-24 19:56:41 ----RSD---- C:\Windows\Fonts
2015-08-24 14:17:00 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-08-24 14:05:17 ----SHD---- C:\$Recycle.Bin
2015-08-24 14:02:29 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2015-08-24 08:15:51 ----D---- C:\Windows\SysWOW64\drivers
2015-08-24 07:43:37 ----D---- C:\Windows\Downloaded Program Files
2015-08-19 08:30:09 ----D---- C:\Windows\winsxs
2015-08-14 08:13:34 ----D---- C:\Users
2015-08-13 19:21:42 ----D---- C:\Windows\rescache
2015-08-13 07:13:11 ----D---- C:\Windows\SysWOW64\en-US
2015-08-13 07:13:10 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-13 01:52:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 19:41:19 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-02 00:50:37 ----D---- C:\Windows\Logs
2015-07-24 13:50:17 ----D---- C:\Windows\SoftwareDistribution
2015-07-23 08:17:45 ----D---- C:\Windows\LiveKernelReports
2015-07-19 02:10:09 ----D---- C:\Windows\Help
2015-07-19 02:09:38 ----D---- C:\ProgramData\NVIDIA Corporation
2015-07-16 09:53:00 ----D---- C:\Program Files (x86)\Windows Media Player
2015-07-16 09:03:00 ----SD---- C:\Windows\SysWOW64\GWX
2015-07-16 05:04:41 ----D---- C:\Windows\PolicyDefinitions
2015-07-15 19:01:24 ----D---- C:\Program Files (x86)\Common Files\Adobe
2015-07-15 13:40:41 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 10:54:29 ----SD---- C:\ProgramData\Microsoft
2015-07-14 18:45:33 ----D---- C:\Windows\Prefetch
2015-07-14 18:37:49 ----D---- C:\Windows\AppCompat
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2015-07-14 15:53:15 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 McPvDrv;McPvDrv Driver; C:\Windows\system32\drivers\McPvDrv.sys []
R3 A6210;NETGEAR A6210 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\A6210.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 mfeaack;McAfee Inc. mfeaack; C:\Windows\system32\drivers\mfeaack.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys []
R3 mfencbdc;McAfee Inc. mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys []
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-09-02 37960]
R4 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S3 athr;Wireless PCI Adapter Driver Service; C:\Windows\system32\DRIVERS\athrx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232e.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 mfencrk;McAfee Inc. mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys []
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys []
S3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RtlWlanu;ADD-NWU275v2 Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2015-09-07 1136520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2015-08-30 127752]
R2 HomeNetSvc;McAfee Home Network; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2015-09-02 157928]
R2 McAPExe;McAfee AP Service; C:\Program Files\McAfee\MSC\McAPExe.exe [2015-08-21 782608]
R2 mccspsvc;McAfee CSP Service; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-07-23 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McNeelUpdate;McNeel Update Service 5.0; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2015-08-10 67944]
R2 mcpltsvc;McAfee Platform Services; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 mfemms;McAfee Service Controller; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [2015-07-15 373704]
R2 msdotnetserv_v2050729;Microsoft .Net Framework v2.0.50729 ALP (X86); C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [2015-07-05 3003880]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 NetgearSwitchUSB;NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [2014-05-13 210648]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4901888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2015-07-17 639456]
R3 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2015-06-29 232656]
R3 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe []
S2 0270371442166664mcinstcleanup;McAfee Application Installer Cleanup (0270371442166664); C:\Windows\TEMP\027037~1.EXE [2015-05-04 883024]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 134512]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-07-29 2909472]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2015-07-14 74360]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 134512]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-07-18 1369856]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-26 149160]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
Attached Files
File Type: txt info.txt (23.9 KB, 327 views)
Old 09-14-2015, 01:52 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
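The RSIT log in the first post prints each service and driver as `<state><start> name;display name; path [date size]` under the legend `R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled`, and the FRST log the reply asks for prints each autorun entry as `HIVE\...\Run: [Name] => path [size date] (Publisher)`. The following script is an added example for this thread, not part of RSIT, FRST, AdwCleaner or the forum's own procedure: it parses both line shapes and applies a few plain triage heuristics (an image under a temp directory, a service running although its start type is Disabled, an autorun line with no size/date recorded, a file whose version info has an empty publisher). The flag wording and the choice of heuristics are this example's own; the sample lines are copied from the logs posted in this thread, with the Dropbox line serving as the control case that should not be flagged.

```python
"""Triage helper for RSIT/HijackThis-style service/driver lists and FRST
autorun lines. Added example for this thread; not part of RSIT, FRST or the
forum's tooling. Heuristics and flag names are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# RSIT legend (from the log header): R=Running, S=Stopped,
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "R3 name;display name; path [date size]"  -- the [...] may be empty
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<target>.*?) \[(?P<meta>[^\]]*)\]$"
)

# FRST: "HIVE\...\Run: [Name] => target [size date] (Publisher)"
# size/date and publisher are absent on some lines (e.g. the Web Companion entry)
FRST_RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
FRST_TAIL_RE = re.compile(
    r"^(?P<target>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)

IMAGE_RE = re.compile(r"^(.+?\.(?:exe|sys|dll|cmd|bat))(?:\s|$)", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"(?:\\windows\\temp\\|\\appdata\\local\\temp\\|^[a-z]:\\temp\\)")


@dataclass
class Entry:
    source: str                        # "rsit" or "frst"
    name: str
    target: str                        # image path plus arguments, NT prefix stripped
    running: Optional[bool] = None
    start: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None    # "" means the log printed "()"

    @property
    def image(self) -> str:
        """Image path without trailing arguments such as ' /V' or ' --minimize'."""
        m = IMAGE_RE.match(self.target)
        return m.group(1) if m else self.target


def _strip_nt_prefix(path: str) -> str:
    # RSIT prints some driver paths as NT object paths: \??\C:\...
    return path[4:] if path.startswith("\\??\\") else path


def parse_rsit_line(line: str) -> Optional[Entry]:
    m = RSIT_RE.match(line.rstrip())
    if not m:
        return None
    meta = m.group("meta").split()         # ["2015-09-02", "37960"] or []
    return Entry(
        source="rsit",
        name=m.group("name"),
        target=_strip_nt_prefix(m.group("target")),
        running=(m.group("state") == "R"),
        start=START_TYPES[m.group("start")],
        date=meta[0] if len(meta) == 2 else None,
        size=int(meta[1]) if len(meta) == 2 else None,
    )


def parse_frst_run_line(line: str) -> Optional[Entry]:
    m = FRST_RUN_RE.match(line.rstrip())
    if not m:
        return None
    t = FRST_TAIL_RE.match(m.group("rest"))
    return Entry(
        source="frst",
        name=m.group("name"),
        target=t.group("target"),
        size=int(t.group("size")) if t.group("size") else None,
        date=t.group("date"),
        publisher=t.group("publisher"),
    )


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        e = parse_rsit_line(line) or parse_frst_run_line(line)
        if e:
            entries.append(e)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for entries that deserve a second look."""
    flags: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if TEMP_DIR_RE.search(e.image.lower()):
            reasons.append("image lives in a temporary directory")
        if e.running and e.start == "Disabled":
            reasons.append("running although its start type is Disabled")
        if e.source == "frst" and e.size is None:
            reasons.append("no file size/date recorded; confirm the image exists on disk")
        if e.publisher == "":
            reasons.append("file has no publisher string in its version info")
        if reasons:
            flags[e.name] = reasons
    return flags


# Lines copied from the logs posted in this thread (RSIT service/driver list and
# FRST Run entries). The Dropbox line is the control case that must not be flagged.
SAMPLE_LOG = r"""
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-09-02 37960]
R4 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S2 0270371442166664mcinstcleanup;McAfee Application Installer Cleanup (0270371442166664); C:\Windows\TEMP\027037~1.EXE [2015-05-04 883024]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1712672 2009-07-09] ()
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feed it a whole RSIT info.txt or FRST.txt (`parse_log(open(path, encoding="utf-8", errors="replace").read())`) and the unmatched lines are simply skipped. The flags are prompts for a closer look, not verdicts: a service running from `C:\Windows\TEMP` here is McAfee's own installer cleanup, and an empty `()` publisher only says the file carries no company string in its version resource.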
Old 09-15-2015, 11:43 AM   #3
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hello,

Many thanks for your reply. Here are the copied logs:


# AdwCleaner v5.007 - Logfile created 15/09/2015 at 19:29:42
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Leslie - LESLIE-PC
# Running from : C:\Users\Leslie\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib
***** [ Services ] *****

***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
[-] Folder Deleted : C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{919ACA41-9F03-457F-AFE7-50642A7A1166}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****

*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1580 bytes] ##########




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Leslie (administrator) on LESLIE-PC (15-09-2015 19:35:27)
Running from C:\Users\Leslie\Desktop
Loaded Profiles: Leslie (Available Profiles: Leslie & User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Autodesk Inc.) C:\Users\Leslie\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1712672 2009-07-09] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [523144 2015-09-07] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [ArchVision Dashboard] => C:\Program Files (x86)\ArchVision\Dashboard\Dashboard.exe [2520936 2015-06-11] (ArchVision, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2004-08-10] (Autodesk)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2015-07-14]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2015-07-15]
ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{16481622-3D4C-42AE-A299-9794CCCC650D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97515588-DA71-4128-8BA8-3C25294E2F6A}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-10] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-10] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Foxstart Default Settings - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\Extensions\[email protected] [2015-08-24]
FF Extension: McAfee WebAdvisor - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-24]
FF Extension: No Name - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\extensions\[email protected] [not found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1136520 2015-09-07] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [74360 2015-07-14] (Autodesk, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-23] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-30] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-10] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-08-10] (Robert McNeel & Associates)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [210648 2014-05-13] ()
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4901888 2009-05-14] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2208984 2014-06-20] (Ralink Technology Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-06-17] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-11-08] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-15 19:35 - 2015-09-15 19:36 - 00021992 _____ C:\Users\Leslie\Desktop\FRST.txt
2015-09-15 19:34 - 2015-09-15 19:35 - 00000000 ____D C:\FRST
2015-09-15 19:34 - 2015-09-15 19:34 - 02191360 _____ (Farbar) C:\Users\Leslie\Desktop\FRST64.exe
2015-09-15 19:27 - 2015-09-15 19:28 - 01660416 _____ C:\Users\Leslie\Desktop\AdwCleaner.exe
2015-09-13 19:14 - 2015-08-18 02:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-13 19:14 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-13 19:14 - 2015-08-15 07:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-13 19:14 - 2015-08-15 07:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-13 19:14 - 2015-08-15 07:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-13 19:14 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-13 19:14 - 2015-08-15 07:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-13 19:14 - 2015-08-15 06:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-13 19:14 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-13 19:14 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-13 19:14 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-13 19:14 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-13 19:14 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-13 19:14 - 2015-08-15 06:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-13 19:14 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-13 19:14 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-13 19:14 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-13 19:14 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-13 19:14 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-13 19:14 - 2015-08-15 05:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-13 19:14 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-13 19:14 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-13 19:14 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 19:14 - 2015-08-05 18:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-13 19:14 - 2015-08-05 18:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-13 19:14 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-13 19:14 - 2015-07-15 04:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 19:14 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-13 19:14 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-13 19:14 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-13 19:14 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-13 19:14 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-13 19:13 - 2015-08-15 07:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-13 19:13 - 2015-08-15 07:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-13 19:13 - 2015-08-15 07:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-13 19:13 - 2015-08-15 07:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-13 19:13 - 2015-08-15 07:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-13 19:13 - 2015-08-15 07:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-13 19:13 - 2015-08-15 07:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-13 19:13 - 2015-08-15 07:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-13 19:13 - 2015-08-15 07:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-13 19:13 - 2015-08-15 07:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-13 19:13 - 2015-08-15 07:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-13 19:13 - 2015-08-15 07:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-13 19:13 - 2015-08-15 07:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-13 19:13 - 2015-08-15 06:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-13 19:13 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-13 19:13 - 2015-08-15 06:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-13 19:13 - 2015-08-15 06:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-13 19:13 - 2015-08-15 06:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-13 19:13 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-13 19:13 - 2015-08-15 06:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-13 19:13 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-13 19:13 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-13 19:13 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-13 19:13 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-13 19:13 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-13 19:13 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-13 19:13 - 2015-08-15 06:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-13 19:13 - 2015-08-15 06:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-13 19:13 - 2015-08-15 06:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-13 19:13 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-13 19:13 - 2015-08-15 06:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-13 19:13 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-13 19:13 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-13 19:13 - 2015-08-15 06:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-13 19:13 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-13 19:13 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-13 19:13 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-13 19:13 - 2015-08-15 05:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-13 19:12 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-13 19:12 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 19:12 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-13 19:12 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-13 19:12 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-13 19:12 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-13 19:12 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-13 19:12 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-13 19:12 - 2015-09-02 02:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 19:12 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 19:12 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-13 19:12 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 19:12 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 19:12 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-13 19:12 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-13 19:12 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-13 19:12 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-13 19:12 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-13 19:12 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-13 19:12 - 2015-08-26 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-13 19:12 - 2015-08-26 19:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-13 19:12 - 2015-08-26 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-13 19:12 - 2015-08-26 19:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-13 19:12 - 2015-08-26 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-13 19:12 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-13 19:12 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-13 19:12 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-13 19:12 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-13 19:12 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-13 19:12 - 2015-08-04 19:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-13 19:12 - 2015-08-04 19:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-13 19:12 - 2015-08-04 18:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-13 19:12 - 2015-08-04 18:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-13 19:12 - 2015-08-04 18:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-13 19:12 - 2015-08-04 18:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-13 19:12 - 2015-08-04 18:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-13 19:12 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-13 19:12 - 2015-08-04 17:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-13 19:12 - 2015-07-23 01:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-13 19:12 - 2015-07-23 01:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-13 19:12 - 2015-07-23 01:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-13 19:12 - 2015-07-23 01:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-13 19:12 - 2015-07-23 01:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-13 19:12 - 2015-07-23 01:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-13 19:12 - 2015-07-23 01:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-13 19:12 - 2015-07-23 01:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-13 19:12 - 2015-07-23 01:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-13 19:12 - 2015-07-23 01:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-13 19:12 - 2015-07-23 01:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-13 19:12 - 2015-07-23 01:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-13 19:12 - 2015-07-23 01:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-13 19:12 - 2015-07-23 01:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-13 19:12 - 2015-07-23 00:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-13 19:12 - 2015-07-23 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-13 19:12 - 2015-07-23 00:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-13 19:12 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-13 19:12 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-13 19:12 - 2015-07-22 18:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-13 19:12 - 2015-07-22 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-13 19:12 - 2015-07-22 18:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-13 19:12 - 2015-07-22 18:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-13 19:12 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-13 19:12 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-13 19:12 - 2015-07-22 17:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-13 19:12 - 2015-07-22 17:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-13 19:12 - 2015-07-22 17:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-13 19:12 - 2015-07-22 17:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-13 19:12 - 2015-07-22 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-13 19:12 - 2015-07-22 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-13 19:12 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-13 19:12 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-13 19:12 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-13 19:12 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-13 19:04 - 2015-09-13 19:04 - 00000000 ____D C:\rsit
2015-09-13 19:04 - 2015-09-13 19:04 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-09-13 19:03 - 2015-09-13 19:03 - 01107968 _____ C:\Users\Leslie\Desktop\RSIT.exe
2015-09-13 18:57 - 2015-09-13 18:57 - 00688992 _____ (Swearware) C:\Users\Leslie\Desktop\dds.scr
2015-09-13 18:50 - 2015-09-13 18:50 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Sun
2015-09-13 18:50 - 2015-09-13 18:50 - 00000000 ____D C:\Users\Leslie\.oracle_jre_usage
2015-09-05 13:07 - 2015-09-05 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-30 06:54 - 2015-08-30 06:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2015-08-30 06:54 - 2015-08-30 06:54 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2015-08-30 06:53 - 2015-09-05 12:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-08-30 06:53 - 2015-08-30 06:53 - 00000000 ____D C:\Users\User\AppData\Local\Skype
2015-08-30 06:53 - 2015-08-30 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Roaming\ProductData
2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2015-08-25 20:36 - 2015-09-13 18:46 - 00000000 ____D C:\ProgramData\ProductData
2015-08-25 20:36 - 2015-08-25 20:36 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\ProductData
2015-08-25 18:16 - 2015-08-25 18:16 - 00000995 _____ C:\Users\Leslie\Desktop\JRT.txt
2015-08-25 11:14 - 2015-08-25 11:14 - 00047854 _____ C:\Windows\system32\.crusader
2015-08-25 11:10 - 2015-08-25 11:10 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-25 11:10 - 2015-08-25 11:10 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-25 11:09 - 2015-08-25 11:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-25 10:32 - 2015-08-25 21:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-25 10:32 - 2015-08-25 10:32 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-25 10:32 - 2015-08-25 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-25 10:32 - 2015-08-25 10:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-25 10:32 - 2015-08-25 10:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-25 10:32 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-25 10:32 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-25 10:32 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-25 10:16 - 2015-09-13 18:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-25 10:16 - 2015-09-05 12:51 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-25 10:16 - 2015-09-05 12:51 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-25 10:16 - 2015-09-05 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-25 09:40 - 2015-08-25 09:40 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google
2015-08-25 09:39 - 2015-08-25 09:39 - 00002560 _____ C:\Windows\_MSRSTRT.EXE
2015-08-25 07:53 - 2015-08-25 07:53 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-08-25 07:51 - 2015-09-13 18:52 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-25 07:51 - 2015-08-25 10:19 - 00000000 ____D C:\ProgramData\IObit
2015-08-25 07:51 - 2015-08-25 07:51 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\IObit
2015-08-25 07:51 - 2015-08-25 07:51 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Apple Computer
2015-08-25 07:02 - 2015-09-15 19:29 - 00000000 ____D C:\AdwCleaner
2015-08-25 06:44 - 2015-08-25 06:44 - 00000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2015-08-24 22:08 - 2015-09-05 12:08 - 00000000 __RSD C:\Users\User\Documents\McAfee Vaults
2015-08-24 22:08 - 2015-08-24 22:08 - 00000000 ____D C:\Users\User\AppData\Local\McAfee File Lock
2015-08-24 19:53 - 2015-08-24 19:54 - 00001029 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-24 17:09 - 2015-08-24 17:09 - 00003108 _____ C:\Windows\System32\Tasks\{25DE1F68-CCA8-4D26-A24F-947D3EA063A5}
2015-08-24 16:33 - 2015-08-24 16:33 - 00001927 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-08-24 16:32 - 2015-09-15 19:33 - 00000000 __RSD C:\Users\Leslie\Documents\McAfee Vaults
2015-08-24 16:32 - 2015-09-05 12:12 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-08-24 16:32 - 2015-08-24 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-24 16:32 - 2015-08-24 16:32 - 00000000 ____D C:\Users\Leslie\AppData\Local\McAfee File Lock
2015-08-24 16:32 - 2015-08-24 16:32 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-08-24 16:32 - 2015-06-17 00:56 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-08-24 16:32 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-08-24 16:31 - 2015-09-14 03:25 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-24 16:31 - 2015-08-24 17:31 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-08-24 16:31 - 2015-08-24 16:33 - 00000000 ____D C:\Program Files\McAfee
2015-08-24 16:31 - 2015-08-24 16:31 - 00000000 ____D C:\Program Files\McAfee.com
2015-08-24 16:31 - 2015-08-24 16:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-24 16:28 - 2015-08-24 16:28 - 00000015 _____ C:\Users\Leslie\Desktop\mcafee.txt
2015-08-24 16:22 - 2015-09-05 12:11 - 00000000 ____D C:\ProgramData\McAfee
2015-08-24 16:22 - 2015-08-24 16:32 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-24 16:22 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-24 16:02 - 2015-08-25 10:50 - 00001424 _____ C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 15:03 - 2015-08-24 15:05 - 00000000 ____D C:\ProgramData\LocalStorage
2015-08-24 14:55 - 2015-08-24 14:55 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt
2015-08-24 14:43 - 2015-08-24 14:43 - 00000000 ____D C:\Users\User\.android
2015-08-24 14:42 - 2015-08-25 06:35 - 00000000 ____D C:\Users\User\AppData\Local\Unity
2015-08-24 14:42 - 2015-08-24 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\ppslog
2015-08-24 14:33 - 2015-08-24 14:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2015-08-24 14:33 - 2015-08-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software
2015-08-24 14:28 - 2015-08-24 17:08 - 00001517 _____ C:\ProgramData\tempimage.bmp
2015-08-24 14:26 - 2015-08-24 14:27 - 00000000 ____D C:\Users\User\AppData\Local\Ninja Loader
2015-08-24 14:19 - 2015-08-24 14:19 - 00003824 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1440422344
2015-08-24 14:19 - 2015-08-24 14:19 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Opera Software
2015-08-24 14:19 - 2015-08-24 14:19 - 00000000 ____D C:\Users\Leslie\AppData\Local\Opera Software
2015-08-24 14:17 - 2015-08-25 21:28 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-24 14:05 - 2015-08-24 19:58 - 00000000 ____D C:\Users\Leslie\AppData\Local\Unity
2015-08-24 14:05 - 2015-08-24 14:43 - 00000000 ____D C:\ppsfile
2015-08-24 14:03 - 2015-08-24 14:03 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-08-24 14:02 - 2015-08-24 14:02 - 00000000 ____D C:\Windows\system32\gigr
2015-08-24 13:51 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-24 13:49 - 2015-08-24 19:52 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-24 09:30 - 2015-08-24 09:37 - 00000000 ____D C:\Users\Leslie\Desktop\Danny
2015-08-24 08:42 - 2015-08-24 08:42 - 00000000 ____D C:\NVIDIA
2015-08-24 08:41 - 2015-08-24 08:41 - 00000000 ____D C:\Users\Leslie\AppData\Local\3dmouse
2015-08-24 08:40 - 2015-08-24 08:40 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\McNeel
2015-08-24 08:40 - 2015-08-24 08:40 - 00000000 ____D C:\Users\Leslie\AppData\Local\McNeel
2015-08-24 08:16 - 2015-08-24 08:16 - 00001089 _____ C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2015-08-24 08:16 - 2015-08-24 08:16 - 00000000 ____D C:\Program Files\Rhinoceros 5 (64-bit)
2015-08-24 08:15 - 2015-08-24 19:44 - 00000500 _____ C:\Windows\SysWOW64\Drivers\igxkxz_586.set
2015-08-24 08:15 - 2015-08-24 19:44 - 00000500 _____ C:\Windows\SysWOW64\Drivers\diusvhm262.dat
2015-08-24 08:15 - 2015-08-24 19:44 - 00000500 _____ C:\Windows\d_oirotq229.ini
2015-08-24 08:15 - 2015-08-24 08:40 - 00000000 ____D C:\ProgramData\McNeel
2015-08-24 08:15 - 2015-08-24 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2015-08-24 08:15 - 2015-08-24 08:15 - 00001075 _____ C:\Users\Public\Desktop\Rhinoceros 5.lnk
2015-08-24 08:15 - 2015-08-24 08:15 - 00000500 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_414.set
2015-08-24 08:15 - 2015-08-24 08:15 - 00000500 _____ C:\Windows\SysWOW64\Drivers\fiusvhm381.dat
2015-08-24 08:15 - 2015-08-24 08:15 - 00000500 _____ C:\Windows\i_oirotq582.ini
2015-08-24 08:15 - 2015-08-24 08:15 - 00000000 ____D C:\Program Files (x86)\Rhinoceros 5
2015-08-24 08:15 - 2015-08-24 08:15 - 00000000 ____D C:\Program Files (x86)\McNeelUpdate
2015-08-24 07:26 - 2015-08-24 17:17 - 00003460 _____ C:\Windows\System32\Tasks\Olkugoroxioma
2015-08-24 07:21 - 2015-08-24 07:30 - 00000000 ____D C:\Users\Leslie\AppData\Local\Mozilla
2015-08-24 07:21 - 2015-08-24 07:21 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Mozilla
2015-08-24 07:20 - 2015-08-24 07:20 - 00422400 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-08-24 07:20 - 2015-08-24 07:20 - 00342016 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-08-24 07:20 - 2015-08-24 07:20 - 00002792 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-24 07:20 - 2015-08-24 07:20 - 00002792 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-08-24 06:00 - 2015-08-24 09:01 - 00000000 ____D C:\Users\Leslie\Desktop\Bolton Photos
2015-08-22 14:47 - 2015-08-22 14:47 - 00000000 ____D C:\Users\User\Documents\Genesis GA-Worksets_User_backup
2015-08-22 14:28 - 2015-08-22 15:34 - 00000000 ____D C:\Users\User\Desktop\Bolton Photos
2015-08-21 06:51 - 2015-08-21 07:32 - 00327680 _____ C:\Users\Leslie\Desktop\Treston Trolley.rfa
2015-08-21 06:51 - 2015-08-21 07:26 - 00327680 _____ C:\Users\Leslie\Desktop\Treston Trolley.0003.rfa
2015-08-21 06:51 - 2015-08-21 07:20 - 00327680 _____ C:\Users\Leslie\Desktop\Treston Trolley.0002.rfa
2015-08-21 06:51 - 2015-08-21 06:51 - 00299008 _____ C:\Users\Leslie\Desktop\Treston Trolley.0001.rfa
2015-08-21 06:50 - 2015-08-21 06:51 - 00299008 _____ C:\Users\Leslie\Desktop\Treston Desk.rfa
2015-08-21 06:50 - 2015-08-21 06:50 - 00299008 _____ C:\Users\Leslie\Desktop\Treston Desk.0001.rfa
2015-08-21 06:50 - 2015-08-21 06:50 - 00000000 ____D C:\Users\Leslie\Desktop\Genesis Families
2015-08-17 18:41 - 2015-08-17 18:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-15 19:33 - 2015-03-27 10:54 - 01623863 _____ C:\Windows\WindowsUpdate.log
2015-09-15 19:31 - 2015-07-23 09:56 - 00000000 ___RD C:\Users\Leslie\Dropbox
2015-09-15 19:31 - 2015-07-23 09:54 - 00000000 ____D C:\Users\Leslie\AppData\Local\Dropbox
2015-09-15 19:30 - 2015-07-23 09:54 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-15 19:30 - 2015-07-15 15:58 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-15 19:30 - 2015-05-06 09:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-15 19:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 19:30 - 2009-07-14 05:51 - 00047330 _____ C:\Windows\setupact.log
2015-09-15 19:29 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 19:29 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-15 19:28 - 2009-07-14 06:13 - 00781334 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 07:05 - 2015-07-23 09:54 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-14 06:14 - 2015-03-27 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 04:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-09-14 03:25 - 2010-11-21 04:47 - 00172270 _____ C:\Windows\PFRO.log
2015-09-14 03:25 - 2009-07-14 05:45 - 00382528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-14 03:24 - 2011-04-12 09:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 03:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-14 03:08 - 2015-03-27 12:02 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 18:50 - 2015-07-14 15:55 - 00000000 ____D C:\Users\Leslie
2015-09-05 13:07 - 2015-07-23 09:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-05 12:51 - 2015-03-27 15:52 - 00000000 ____D C:\ProgramData\Skype
2015-08-30 06:53 - 2015-03-27 16:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 06:53 - 2015-03-27 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-30 06:53 - 2015-03-27 16:08 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-30 06:53 - 2015-03-27 15:53 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-30 06:53 - 2015-03-27 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-30 06:45 - 2015-08-14 08:13 - 00098496 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 18:37 - 2015-03-27 12:01 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 10:58 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-25 10:48 - 2015-03-27 18:51 - 00000000 ____D C:\Windows\Panther
2015-08-25 09:52 - 2015-07-18 00:07 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-25 09:39 - 2015-07-18 00:06 - 00000000 ____D C:\Program Files (x86)\FlashGet
2015-08-25 09:39 - 2009-07-14 06:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 09:38 - 2015-07-18 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet
2015-08-25 07:54 - 2015-07-14 15:59 - 00098496 _____ C:\Users\Leslie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-24 16:27 - 2015-03-27 16:10 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-24 15:05 - 2015-08-14 08:13 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-08-24 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-24 14:02 - 2015-03-27 11:41 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-24 14:02 - 2015-03-27 11:41 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-22 15:29 - 2015-08-14 08:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2015-08-22 15:28 - 2015-08-14 08:13 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk
2015-08-22 15:28 - 2015-07-18 14:50 - 00002105 _____ C:\Users\Public\Desktop\AutoCAD 2016 - English.lnk
2015-08-21 07:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\9NrTjGWTN7D
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\KbWg1gCQkhxr
2015-07-18 14:50 - 2015-07-18 14:50 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-08-24 14:28 - 2015-08-24 17:08 - 0001517 _____ () C:\ProgramData\tempimage.bmp
Some files in TEMP:
====================
C:\Users\Leslie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgkabfl.dll
C:\Users\Leslie\AppData\Local\Temp\InstallHelper.exe
C:\Users\Leslie\AppData\Local\Temp\[email protected]
C:\Users\Leslie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Leslie\AppData\Local\Temp\ProxyX64Process_18467.exe
C:\Users\Leslie\AppData\Local\Temp\qqpcmgr_v10.11.16588.235_72898_Silence.exe
C:\Users\Leslie\AppData\Local\Temp\SpOrder.dll
C:\Users\Leslie\AppData\Local\Temp\sqlite3.dll
C:\Users\Leslie\AppData\Local\Temp\Uninstall.exe
C:\Users\Leslie\AppData\Local\Temp\UninstallModule.exe
C:\Users\User\AppData\Local\Temp\1440422873.exe
C:\Users\User\AppData\Local\Temp\1440480897.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsi8sm9.dll
C:\Users\User\AppData\Local\Temp\geeplayersetup_unfix.exe
C:\Users\User\AppData\Local\Temp\HitmanPro.exe
C:\Users\User\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\User\AppData\Local\Temp\ppstreamsetup_unfix.exe
C:\Users\User\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\tu17p84.exe
C:\Users\User\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-03-27 11:41] - [2015-08-24 14:02] - 0357888 ____A (Microsoft Corporation) D849F15BB233A76748C243F86824F48B
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-27 11:41] - [2015-08-24 14:02] - 0270336 ____A (Microsoft Corporation) F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-14 03:55
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_15-09-2015_19-37-14.txt (39.8 KB, 36 views)
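The FRST listings above share one column layout: created time, modified time, size, a five-character attribute field (D marks a directory, H a hidden file), the publisher from the file's version information in parentheses (empty or absent when there is none), then the path. The Python below is an added example, not part of FRST or of any post in this thread; it parses lines in that layout and applies two checks that mirror what the fixlist later in the thread removes: files under C:\Windows with no publisher and a machine-generated-looking name, and loose files sitting directly in the root of AppData\Roaming. The sample lines are copied from the log above, and the name heuristic is this example's own assumption, kept deliberately conservative.

```python
"""Parse FRST-style file listing lines and flag entries worth a second look.

Added example for triaging a Farbar Recovery Scan Tool log; it is not FRST code.
Assumed line layout (as in the log above):
    <created> - <modified> - <size> <attrs> [(<company>)] <path>
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5})"
    r"(?: \((?P<company>[^)]*)\))?"      # publisher from version info; may be "()" or absent
    r" (?P<path>[A-Za-z]:\\\S.*)$"
)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")  # bare MD5/GUID-like name
ROAMING_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs          # ____D, ___RD, __RSD, ___HD

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), m.group("company") or None, m.group("path"))


def looks_random(name: str) -> bool:
    """Lexical heuristic (this example's assumption) for machine-generated file names."""
    stem = name.lstrip(".")
    if "." in stem:
        stem = stem.rsplit(".", 1)[0]
    if HEX32.match(stem):
        return True
    alnum = [c for c in stem if c.isalnum()]
    letters = [c for c in alnum if c.isalpha()]
    if len(alnum) >= 8 and not letters:   # e.g. an epoch timestamp used as a name
        return True
    if len(letters) >= 6:
        vowels = sum(c in "aeiouAEIOU" for c in letters)
        if vowels / len(letters) < 0.25:  # consonant soup such as igxkxz_586
            return True
    # letters and digits interleaved several times, e.g. 7KFuyO6V4x3wPBhoFriX
    flips = sum(a.isdigit() != b.isdigit() for a, b in zip(alnum, alnum[1:]))
    return flips >= 3


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the two checks and return (path, reason) pairs in log order."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if low.startswith("c:\\windows\\") and e.company is None and looks_random(e.name):
            findings.append((e.path, "no publisher and machine-generated name under C:\\Windows"))
        elif ROAMING_ROOT.match(low):
            findings.append((e.path, "loose file in the root of AppData\\Roaming"))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    entries = [e for e in map(parse_line, text.splitlines()) if e is not None]
    return triage(entries)


# Sample lines copied from the FRST log in this thread (a constructed subset).
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 19:12 - 2015-07-23 00:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-13 19:12 - 2015-07-22 18:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-25 10:32 - 2015-08-25 10:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-25 09:39 - 2015-08-25 09:39 - 00002560 _____ C:\Windows\_MSRSTRT.EXE
2015-08-24 13:49 - 2015-08-24 19:52 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-24 08:15 - 2015-08-24 19:44 - 00000500 _____ C:\Windows\SysWOW64\Drivers\igxkxz_586.set
2015-08-24 08:15 - 2015-08-24 19:44 - 00000500 _____ C:\Windows\SysWOW64\Drivers\diusvhm262.dat
2015-09-15 19:30 - 2015-07-15 15:58 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-14 03:25 - 2009-07-14 05:45 - 00382528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\KbWg1gCQkhxr
2015-08-25 07:51 - 2015-08-25 07:51 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\IObit
"""

if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

The heuristic is a screening aid only: diusvhm262.dat passes it because the stem happens to contain enough vowels, so the output narrows what a human reads rather than replacing that reading.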
Old 09-15-2015, 01:02 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello Fabiana.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
    Task: {4B03A410-BB11-4A4D-8A49-2323B154FB5D} - System32\Tasks\Olkugoroxioma => C:\ProgramData\Olkugoroxioma\1.0.4.1\soefmniu.exe
    FirewallRules: [{49DA785B-80A9-4627-BFD8-7EB6FBF13D44}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    C:\Program Files (x86)\Crossbrowse
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Extension: No Name - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\extensions\[email protected] [not found]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
    C:\ProgramData\Olkugoroxioma
    2015-08-24 07:26 - 2015-08-24 17:17 - 00003460 _____ C:\Windows\System32\Tasks\Olkugoroxioma
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\9NrTjGWTN7D
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\KbWg1gCQkhxr
    2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
    2015-08-25 07:51 - 2015-09-13 18:52 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-08-25 07:51 - 2015-08-25 10:19 - 00000000 ____D C:\ProgramData\IObit
    2015-08-25 07:51 - 2015-08-25 07:51 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\IObit
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-17-2015, 01:41 PM   #5
Registered Member
Join Date: Aug 2015
Posts: 19
OS: windows 7

Hello again,

This is the Fixlog.txt, also attached. Many thanks!

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Leslie (2015-09-17 21:26:28) Run:1
Running from C:\Users\Leslie\Desktop
Loaded Profiles: Leslie (Available Profiles: Leslie & User)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
createrestorepoint:
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Navisworks Manage 2015\Loaders\Inv\Inventor Server\Bin\TestServer.dll No F (the data entry has 3 more characters).
Task: {4B03A410-BB11-4A4D-8A49-2323B154FB5D} - System32\Tasks\Olkugoroxioma => C:\ProgramData\Olkugoroxioma\1.0.4.1\soefmniu.exe
FirewallRules: [{49DA785B-80A9-4627-BFD8-7EB6FBF13D44}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
C:\Program Files (x86)\Crossbrowse
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1839603052-2887386497-1392975552-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\extensions\[email protected] [not found]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
C:\ProgramData\Olkugoroxioma
2015-08-24 07:26 - 2015-08-24 17:17 - 00003460 _____ C:\Windows\System32\Tasks\Olkugoroxioma
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\9NrTjGWTN7D
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Leslie\AppData\Roaming\KbWg1gCQkhxr
2015-08-30 06:42 - 2015-08-30 06:42 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2015-08-25 07:51 - 2015-09-13 18:52 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-25 07:51 - 2015-08-25 10:19 - 00000000 ____D C:\ProgramData\IObit
2015-08-25 07:51 - 2015-08-25 07:51 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\IObit
EmptyTemp:
endDouble-click FRST64 to run the tool. If the tool warns you the version is outdated
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
"HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}" => key removed successfully
"HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}" => key removed successfully
"HKU\S-1-5-21-1839603052-2887386497-1392975552-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4B03A410-BB11-4A4D-8A49-2323B154FB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B03A410-BB11-4A4D-8A49-2323B154FB5D}" => key removed successfully
C:\Windows\System32\Tasks\Olkugoroxioma => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Olkugoroxioma" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49DA785B-80A9-4627-BFD8-7EB6FBF13D44} => value removed successfully
"C:\Program Files (x86)\Crossbrowse" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1839603052-2887386497-1392975552-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\extensions\[email protected] => path removed successfully
LiveUpdateSvc => service removed successfully
"C:\ProgramData\Olkugoroxioma" => File/Folder not found.
"C:\Windows\System32\Tasks\Olkugoroxioma" => File/Folder not found.
C:\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX => moved successfully
C:\Users\Leslie\AppData\Roaming\9NrTjGWTN7D => moved successfully
C:\Users\Leslie\AppData\Roaming\KbWg1gCQkhxr => moved successfully
C:\Users\User\AppData\Roaming\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\Leslie\AppData\Roaming\IObit => moved successfully
endDouble-click FRST64 to run the tool. If the tool warns you the version is outdated => Error: No automatic fix found for this entry.
EmptyTemp: => 4.7 GB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 21:27:09 ====
Old 09-17-2015, 06:45 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Fabiana. You're very welcome.

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

globalupdate Helper

This entry is classified as malware, spyware, adware, or other potentially unwanted software.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
Old 09-18-2015, 06:03 AM   #7
Registered Member
Join Date: Aug 2015
Posts: 19
OS: windows 7

Hi

Again, thanks for your help so far.

I have uninstalled the global updater entry.
I ran ComboFix and the log is attached. I disabled the antivirus live protection but forgot to disable the firewall; let me know if that obstructed ComboFix and I can run it again.

cheers,

Fabiana

ComboFix 15-09-07.01 - Leslie 18/09/2015 13:37:24.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.24574.21881 [GMT 1:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Leslie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfymeos.dll
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
c:\windows\SysWow64\dnsapi.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2015-08-18 to 2015-09-18 )))))))))))))))))))))))))))))))
.
.
2015-09-18 12:43 . 2015-09-18 12:43 -------- d-----w- c:\users\User\AppData\Local\temp
2015-09-18 12:43 . 2015-09-18 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-18 12:24 . 2015-09-18 12:24 -------- d-----w- c:\windows\system32\appmgmt
2015-09-15 18:34 . 2015-09-17 20:28 -------- d-----w- C:\FRST
2015-09-13 18:13 . 2015-08-18 01:14 816744 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2015-09-13 18:12 . 2015-07-23 00:06 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-13 18:04 . 2015-09-13 18:04 -------- d-----w- C:\rsit
2015-09-13 18:04 . 2015-09-13 18:04 -------- d-----w- c:\program files (x86)\trend micro
2015-09-13 17:50 . 2015-09-13 17:50 -------- d-----w- c:\users\Leslie\.oracle_jre_usage
2015-08-30 05:54 . 2015-08-30 05:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-08-30 05:54 . 2015-08-30 05:54 -------- d-----w- c:\users\User\.oracle_jre_usage
2015-08-30 05:53 . 2015-08-30 05:53 -------- d-----w- c:\users\User\AppData\Local\Skype
2015-08-30 05:53 . 2015-09-05 11:52 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2015-08-30 05:53 . 2015-08-30 05:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-08-30 05:42 . 2015-08-30 05:42 -------- d-----w- c:\users\User\AppData\Roaming\ProductData
2015-08-30 05:42 . 2015-08-30 05:42 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2015-08-25 19:36 . 2015-08-25 19:36 -------- d-----w- c:\users\Leslie\AppData\Roaming\ProductData
2015-08-25 19:36 . 2015-09-13 17:46 -------- d-----w- c:\programdata\ProductData
2015-08-25 10:10 . 2015-08-25 10:10 -------- d-----w- c:\program files\HitmanPro
2015-08-25 10:09 . 2015-08-25 10:15 -------- d-----w- c:\programdata\HitmanPro
2015-08-25 09:32 . 2015-08-25 20:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-25 09:32 . 2015-08-25 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-25 09:32 . 2015-08-25 09:32 -------- d-----w- c:\programdata\Malwarebytes
2015-08-25 09:32 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-25 09:32 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-25 09:32 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-25 09:16 . 2015-09-13 17:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-08-25 08:40 . 2015-08-25 08:40 -------- d-----w- c:\users\Leslie\AppData\Local\Google
2015-08-25 08:39 . 2015-08-25 08:39 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2015-08-25 06:53 . 2015-08-25 06:53 -------- d-----w- c:\program files (x86)\Common Files\IObit
2015-08-25 06:51 . 2015-08-25 06:51 -------- d-----w- c:\users\Leslie\AppData\Roaming\Apple Computer
2015-08-25 06:02 . 2015-09-15 18:29 -------- d-----w- C:\AdwCleaner
2015-08-24 21:08 . 2015-08-24 21:08 -------- d-----w- c:\users\User\AppData\Local\McAfee File Lock
2015-08-24 15:32 . 2015-08-24 15:32 -------- d-----w- c:\users\Leslie\AppData\Local\McAfee File Lock
2015-08-24 15:32 . 2015-06-16 23:56 76064 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2015-08-24 15:32 . 2015-05-19 12:59 207208 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2015-08-24 15:31 . 2015-08-24 15:33 -------- d-----w- c:\program files\McAfee
2015-08-24 15:31 . 2015-08-24 15:31 -------- d-----w- c:\program files\Common Files\AV
2015-08-24 15:31 . 2015-09-17 20:24 -------- d-----w- c:\program files (x86)\McAfee
2015-08-24 15:22 . 2015-06-29 09:03 254792 ----a-w- c:\windows\system32\mfevtps.exe
2015-08-24 15:22 . 2015-08-24 15:32 -------- d-----w- c:\program files\Common Files\McAfee
2015-08-24 15:22 . 2015-08-24 15:32 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2015-08-24 15:22 . 2015-09-05 11:11 -------- d-----w- c:\programdata\McAfee
2015-08-24 14:03 . 2015-08-24 14:05 -------- d-----w- c:\programdata\LocalStorage
2015-08-24 13:55 . 2015-08-24 13:55 -------- d-----w- c:\users\User\AppData\Local\CrashRpt
2015-08-24 13:43 . 2015-08-24 13:43 -------- d-----w- c:\users\User\.android
2015-08-24 13:42 . 2015-08-24 13:43 -------- d-----w- c:\users\User\AppData\Roaming\ppslog
2015-08-24 13:42 . 2015-08-25 05:35 -------- d-----w- c:\users\User\AppData\Local\Unity
2015-08-24 13:33 . 2015-08-24 13:33 -------- d-----w- c:\users\User\AppData\Roaming\Opera Software
2015-08-24 13:33 . 2015-08-24 13:33 -------- d-----w- c:\users\User\AppData\Local\Opera Software
2015-08-24 13:28 . 2015-08-24 13:28 -------- d-----w- c:\users\User\AppData\Local\Programs
2015-08-24 13:26 . 2015-08-24 13:27 -------- d-----w- c:\users\User\AppData\Local\Ninja Loader
2015-08-24 13:19 . 2015-08-24 13:19 -------- d-----w- c:\programdata\PlayGemConfig
2015-08-24 13:19 . 2015-08-24 13:19 -------- d-----w- c:\users\Leslie\AppData\Roaming\Opera Software
2015-08-24 13:19 . 2015-08-24 13:19 -------- d-----w- c:\users\Leslie\AppData\Local\Opera Software
2015-08-24 13:17 . 2015-08-25 20:28 -------- d-----w- c:\programdata\MSNetCore
2015-08-24 13:05 . 2015-08-24 13:43 -------- d-----w- C:\ppsfile
2015-08-24 13:05 . 2015-08-24 18:58 -------- d-----w- c:\users\Leslie\AppData\Local\Unity
2015-08-24 13:02 . 2015-08-24 13:02 -------- d-----w- c:\windows\system32\gigr
2015-08-24 12:54 . 2015-08-24 12:54 -------- d-----w- c:\users\Leslie\AppData\Local\Programs
2015-08-24 07:42 . 2015-08-24 07:42 -------- d-----w- C:\NVIDIA
2015-08-24 07:41 . 2015-08-24 07:41 -------- d-----w- c:\users\Leslie\AppData\Local\3dmouse
2015-08-24 07:40 . 2015-08-24 07:40 -------- d-----w- c:\users\Leslie\AppData\Roaming\McNeel
2015-08-24 07:40 . 2015-08-24 07:40 -------- d-----w- c:\users\Leslie\AppData\Local\McNeel
2015-08-24 07:16 . 2015-08-24 07:16 -------- d-----w- c:\program files\Rhinoceros 5 (64-bit)
2015-08-24 07:15 . 2015-08-24 18:44 500 ----a-w- c:\windows\SysWow64\drivers\diusvhm262.dat
2015-08-24 07:15 . 2015-08-24 07:15 500 ----a-w- c:\windows\SysWow64\drivers\fiusvhm381.dat
2015-08-24 07:15 . 2015-08-24 07:40 -------- d-----w- c:\programdata\McNeel
2015-08-24 07:15 . 2015-08-24 07:15 -------- d-----w- c:\program files (x86)\McNeelUpdate
2015-08-24 07:15 . 2015-08-24 07:15 -------- d-----w- c:\program files (x86)\Common Files\McNeel Shared
2015-08-24 07:15 . 2015-08-24 07:15 -------- d-----w- c:\program files (x86)\Rhinoceros 5
2015-08-24 06:21 . 2015-08-24 06:30 -------- d-----w- c:\users\Leslie\AppData\Local\Mozilla
2015-08-24 06:20 . 2015-08-24 06:20 422400 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-08-24 06:20 . 2015-08-24 06:20 342016 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-30 05:53 . 2015-03-27 15:08 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-26 17:37 . 2015-03-27 11:01 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-24 13:02 . 2015-03-27 10:41 357888 ----a-w- c:\windows\system32\dnsapi.dll
2015-08-12 18:41 . 2015-03-27 15:01 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 18:41 . 2015-03-27 15:01 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06 . 2015-08-12 18:53 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 18:53 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 18:53 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 18:53 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 18:53 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-13 00:53 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-13 00:53 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-12 18:55 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-12 18:55 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-12 18:55 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-12 18:55 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-12 18:55 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-12 18:55 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-12 18:55 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-12 18:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-22 17:53 . 2015-09-13 18:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-21 08:36 . 2015-07-21 08:36 82432 ----a-w- c:\users\Leslie\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-07-21 08:36 . 2015-07-21 08:36 44544 ----a-w- c:\users\Leslie\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-07-21 08:36 . 2015-07-21 08:36 1275392 ----a-w- c:\users\Leslie\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-07-16 19:12 . 2015-08-12 18:54 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-12 18:54 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-12 18:54 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-12 18:54 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-12 18:54 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-12 18:54 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-12 18:54 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-12 18:54 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-12 18:54 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-12 18:54 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-07-14 16:02 . 2015-07-14 16:02 520584 ----a-r- c:\users\Leslie\AppData\Roaming\Microsoft\Installer\{66A7710B-E19A-41B5-AF41-3097F7B4AA83}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe
2015-07-14 15:29 . 2015-07-14 15:29 520584 ----a-r- c:\users\Leslie\AppData\Roaming\Microsoft\Installer\{37E1C3A1-7DBF-4250-9314-46167B68383D}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe
2015-07-11 13:15 . 2015-08-12 18:54 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-10 17:51 . 2015-08-12 18:53 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-07-09 17:57 . 2015-08-12 18:53 193536 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:57 . 2015-08-12 18:53 193536 ----a-w- c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-12 18:53 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 16:39 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 16:39 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 14:33 . 2015-07-02 14:33 875928 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2015-07-02 14:33 . 2015-07-02 14:33 77536 ----a-w- c:\windows\system32\drivers\cfwids.sys
2015-07-02 14:33 . 2015-07-02 14:33 496888 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2015-07-02 14:33 . 2015-07-02 14:33 412440 ----a-w- c:\windows\system32\drivers\mfeaack.sys
2015-07-02 14:33 . 2015-07-02 14:33 347800 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2015-07-02 14:33 . 2015-07-02 14:33 344704 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2015-07-01 20:49 . 2015-08-12 18:53 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:48 . 2015-08-12 18:53 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-07-01 20:30 . 2015-08-12 18:53 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30 . 2015-08-12 18:53 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-06-28 21:37 . 2015-06-28 21:37 529080 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2015-06-28 21:37 . 2015-06-28 21:37 20480 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2015-06-28 21:37 . 2015-06-28 21:37 109728 ----a-w- c:\windows\system32\drivers\mfencrk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2015-01-27 1310088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2015-09-07 523144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2015-08-14 39175960]
"ArchVision Dashboard"="c:\program files (x86)\ArchVision\Dashboard\Dashboard.exe" [2015-06-11 2520936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2015-01-27 1310088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2004-8-10 10872]
NETGEAR A6210 Genie.lnk - c:\program files (x86)\NETGEAR\A6210\A6210.EXE [2015-1-21 6214488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 0059511442521444mcinstcleanup;McAfee Application Installer Cleanup (0059511442521444);c:\windows\TEMP\005951~1.EXE;c:\windows\TEMP\005951~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RtlWlanu;ADD-NWU275v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 msdotnetserv_v2050729;Microsoft .Net Framework v2.0.50729 ALP (X86);c:\program files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe;c:\program files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [x]
S2 NetgearSwitchUSB;NetgearSwitchUSB;c:\program files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe;c:\program files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 A6210;NETGEAR A6210 USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\A6210.sys;c:\windows\SYSNATIVE\DRIVERS\A6210.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
S3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-27 18:41]
.
2015-09-18 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 08:54]
.
2015-09-14 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 08:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-20 1794704]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1712672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2i5y5qol.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-09-18 13:54:17 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-18 12:54
.
Pre-Run: 20,230,320,128 bytes free
Post-Run: 20,264,337,408 bytes free
.
- - End Of File - - 7D5631722D2757D03E9E656C8F9E4B4D
A36C5E4F47E84449FF07ED3517B43A31
Attached file: ComboFix.txt (34.6 KB)
fluiza is offline  
Old 09-18-2015, 02:09 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fabiana. You're very welcome.

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Qoobox\Quarantine\C\users\Leslie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfymeos.dll.vir

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
  • Please repeat for the following file:

    C:\AdwCleaner\Quarantine\C\Users\Leslie\AppData\Roaming\7KFuyO6V4x3wPBhoFriX.vir
------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    dnsapi.dll
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-18-2015, 10:54 PM   #9
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hi there

I ran the first file:
https://www.virustotal.com/en/file/b...is/1442641584/

The second file was not found
fluiza is offline  
Old 09-18-2015, 11:04 PM   #10
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



And these are the SystemLook results. Cheers, Fabiana

SystemLook 30.07.11 by jpshortstuff
Log created at 06:57 on 19/09/2015 by Leslie
Administrator - Elevation successful
========== filefind ==========
Searching for "dnsapi.dll"
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [13:02 24/08/2015] 02E7C7162BB8CA92B7093EF19AA2E283
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] 54545DE7B692CDFBA9EE6835C9E06120
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [13:02 24/08/2015] 18D1003DDE422E2B19711E008CE84C4E
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] 7979730B4079C934EEE31078CDE72A5D
-= EOF =-
fluiza is offline  
Old 09-19-2015, 10:11 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fabiana. Thanks. I need to see one more.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    c:\windows\SysWow64\dnsapi.dll

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
chemist is offline  
Old 09-19-2015, 10:24 AM   #12
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hi there,

Here's the URL

https://www.virustotal.com/en/file/c...is/1442683255/
fluiza is offline  
Old 09-19-2015, 03:49 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fabiana. Do you have access to another Win7 Pro (64-bit) machine with Service Pack 1?

If so, please follow these instructions on that machine:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    dnsapi.dll
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 09-19-2015, 09:12 PM   #14
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hello again, this is the log for a different machine. Cheers, Fabiana

SystemLook 30.07.11 by jpshortstuff
Log created at 05:01 on 20/09/2015 by User
Administrator - Elevation successful
========== filefind ==========
Searching for "dnsapi.dll"
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsapi.dll --a---- 356352 bytes [23:21 13/07/2009] [01:40 14/07/2009] 05A2D26ACF0939A4E97160315F1FA12E
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsapi.dll --a---- 356352 bytes [05:33 25/10/2011] [06:17 03/03/2011] E247E7DEB20C0CF0801A8AC39E9CE1DF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsapi.dll --a---- 356864 bytes [05:33 25/10/2011] [06:23 03/03/2011] B538E393F7FD85A054106FF21A4240EA
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [18:45 26/10/2011] [13:26 20/11/2010] A52B6CC24063CC83C78C0E6F24DEEC01
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:12 03/03/2011] DCC0888655823103F19EF8FFD330080D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_482c18d6d06b2c0d\dnsapi.dll --a---- 269824 bytes [23:12 13/07/2009] [01:15 14/07/2009] 6D5A49D6479EB753C7879F73A4C35E0F
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_4833ef7cd065b8b3\dnsapi.dll --a---- 269824 bytes [05:33 25/10/2011] [05:29 03/03/2011] 62390F4ACE9E2B63E3CA26B7F7497897
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_49006e49e950e0ac\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:50 03/03/2011] 11DD7EB4446F25C132D0D8527DDCAF4D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [18:45 26/10/2011] [12:18 20/11/2010] 59DF156711A76BCB993253EC6C9BBF41
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:12 03/03/2011] 1F79F611109C2B97260B68FD6B4FC7DD
-= EOF =-
fluiza is offline  
Old 09-20-2015, 03:10 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fabiana. Are you sure the other machine is Win7 Pro (64-bit) with Service Pack 1? Is it up to date with all Microsoft Updates?

We need a newer version of that file. Do you happen to have access to another, newer, machine? If not, I think I can get a newer version of that file from one of my machines at work, but it would be tomorrow before I can be sure.
chemist is offline  
Old 09-20-2015, 03:39 PM   #16
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hello there,

Yes, I looked in Control Panel > System:
Windows 7 Pro, Service Pack 1, 64-bit

I'm running any outstanding updates and will run SystemLook again.
fluiza is offline  
Old 09-20-2015, 04:32 PM   #17
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



OK, this is it: there were 8 outstanding updates, and after installing them I ran SystemLook again. Cheers, Fabiana

SystemLook 30.07.11 by jpshortstuff
Log created at 00:15 on 21/09/2015 by User
Administrator - Elevation successful
========== filefind ==========
Searching for "dnsapi.dll"
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsapi.dll --a---- 356352 bytes [23:21 13/07/2009] [01:40 14/07/2009] 05A2D26ACF0939A4E97160315F1FA12E
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsapi.dll --a---- 356352 bytes [05:33 25/10/2011] [06:17 03/03/2011] E247E7DEB20C0CF0801A8AC39E9CE1DF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsapi.dll --a---- 356864 bytes [05:33 25/10/2011] [06:23 03/03/2011] B538E393F7FD85A054106FF21A4240EA
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [18:45 26/10/2011] [13:26 20/11/2010] A52B6CC24063CC83C78C0E6F24DEEC01
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:12 03/03/2011] DCC0888655823103F19EF8FFD330080D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_482c18d6d06b2c0d\dnsapi.dll --a---- 269824 bytes [23:12 13/07/2009] [01:15 14/07/2009] 6D5A49D6479EB753C7879F73A4C35E0F
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_4833ef7cd065b8b3\dnsapi.dll --a---- 269824 bytes [05:33 25/10/2011] [05:29 03/03/2011] 62390F4ACE9E2B63E3CA26B7F7497897
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_49006e49e950e0ac\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:50 03/03/2011] 11DD7EB4446F25C132D0D8527DDCAF4D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [18:45 26/10/2011] [12:18 20/11/2010] 59DF156711A76BCB993253EC6C9BBF41
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:12 03/03/2011] 1F79F611109C2B97260B68FD6B4FC7DD
-= EOF =-
fluiza is offline  
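The comparison chemist is walking through in posts #10 to #17 (SystemLook's :filefind results for dnsapi.dll on the infected machine against a reference machine), as an added example that is not part of the thread and not SystemLook's own code. It parses the log format shown above and runs three checks; the check names are my own, and the two embedded logs are trimmed copies of the posts, not complete output.

```python
"""Cross-check SystemLook ':filefind' results for dnsapi.dll across two machines.
Added example, not part of the thread and not SystemLook's own code; the log
excerpts are trimmed copies of posts #10 and #17 above, the check names are mine."""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

class FileHit(NamedTuple):
    path: str
    size: int
    created: datetime
    modified: datetime
    md5: Optional[str]  # None when SystemLook printed "(Unable to calculate MD5)"

# One ':filefind' result line: path, attribute flags, size, [created] [modified], MD5
HIT_RE = re.compile(
    r"^(?P<path>\S.*?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-F]{32}|\(Unable to calculate MD5\))$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<term>.+)"$')
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%H:%M %d/%m/%Y")  # SystemLook prints HH:MM DD/MM/YYYY

def parse_filefind(log: str) -> Dict[str, List[FileHit]]:
    """Return {search term: [hits]} for every 'Searching for' block in the log."""
    hits: Dict[str, List[FileHit]] = {}
    term = None
    for line in log.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            term = m["term"]
            hits[term] = []
            continue
        m = HIT_RE.match(line)
        if m and term is not None:
            md5 = None if m["md5"].startswith("(") else m["md5"]
            hits[term].append(FileHit(m["path"], int(m["size"]),
                                      _ts(m["created"]), _ts(m["modified"]), md5))
    return hits

def classify(hits):
    """Split hits into live System32/SysWOW64 copies and WinSxS servicing copies;
    staged upgrade media under $Windows.~BT is ignored."""
    live = [h for h in hits if h.path.lower().startswith(LIVE_DIRS)]
    store = [h for h in hits if "\\winsxs\\" in h.path.lower()
             and "$windows.~bt" not in h.path.lower()]
    return live, store

def assess(hits, reference=None) -> dict:
    """Three checks over one machine's hits; 'reference' is the same search run on
    a known-clean machine, when one is available."""
    live, store = classify(hits)
    store_md5 = {h.md5 for h in store if h.md5}
    out = {"store_rewritten_together": False, "store_common_mtime": None}
    # 1. Each live copy should be byte-identical to one servicing copy. This passes
    #    on the infected machine too, so on its own it proves nothing.
    out["live_not_in_store"] = [h.path for h in live if h.md5 not in store_md5]
    # 2. Servicing copies come from different updates and should not all share one
    #    modification time; one shared, recent time across every copy is consistent
    #    with a single pass that rewrote all of them.
    if len(store) > 1:
        mtime, count = Counter(h.modified for h in store).most_common(1)[0]
        if count == len(store):
            out.update(store_rewritten_together=True, store_common_mtime=mtime)
    # 3. Hash against the reference machine. A mismatch alone only says the builds
    #    differ (the reference here is an older build), so report, don't judge.
    if reference is not None:
        ref_md5 = {h.path.lower(): h.md5 for h in classify(reference)[0]}
        out["differs_from_reference"] = [h.path for h in live
                                        if ref_md5.get(h.path.lower(), h.md5) != h.md5]
    return out

# Constructed input: trimmed copies of the logs in posts #10 and #17 above.
INFECTED = r"""Searching for "dnsapi.dll"
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [13:02 24/08/2015] 02E7C7162BB8CA92B7093EF19AA2E283
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [13:02 24/08/2015] 18D1003DDE422E2B19711E008CE84C4E
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
"""
REFERENCE = r"""Searching for "dnsapi.dll"
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [18:45 26/10/2011] [13:26 20/11/2010] A52B6CC24063CC83C78C0E6F24DEEC01
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [05:33 25/10/2011] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [18:45 26/10/2011] [12:18 20/11/2010] 59DF156711A76BCB993253EC6C9BBF41
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [05:33 25/10/2011] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
"""

if __name__ == "__main__":
    reference = parse_filefind(REFERENCE)["dnsapi.dll"]
    print(assess(parse_filefind(INFECTED)["dnsapi.dll"], reference))
```

On the infected machine every live copy hash-matches a WinSxS copy, so check 1 is clean; what stands out is that all of its servicing copies carry the same 13:02 24/08/2015 modification time, while the reference machine's copies keep their individual update timestamps.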
Old 09-20-2015, 06:54 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fabiana. You will need a USB stick for the following steps.

Navigate to, right-click and copy these files from the other machine, then right-click the USB stick and paste them there.

Quote:
c:\windows\System32\dnsapi.dll
c:\windows\SysWow64\dnsapi.dll
After pasting the first file to the USB stick, rename it to dnsapi1.dll (notice the 1).

Then transfer those files to your C:\ drive on the infected computer.

When you have accomplished that...
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    dnsapi.dll
    dnsapi1.dll
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 09-21-2015, 09:23 AM   #19
Registered Member
 
Join Date: Aug 2015
Posts: 19
OS: windows 7



Hey there,

Here's the log, cheers, Fabiana

SystemLook 30.07.11 by jpshortstuff
Log created at 17:21 on 21/09/2015 by Leslie
Administrator - Elevation successful
========== filefind ==========
Searching for "dnsapi.dll"
C:\dnsapi.dll --a---- 270336 bytes [16:17 21/09/2015] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [13:02 24/08/2015] 02E7C7162BB8CA92B7093EF19AA2E283
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] 54545DE7B692CDFBA9EE6835C9E06120
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [13:02 24/08/2015] 18D1003DDE422E2B19711E008CE84C4E
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] 7979730B4079C934EEE31078CDE72A5D
Searching for "dnsapi1.dll"
C:\dnsapi1.dll --a---- 357888 bytes [16:18 21/09/2015] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
-= EOF =-
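A check worth running over a SystemLook filefind log like the one posted above, as an added example (it is not part of the thread and not SystemLook's own code): parse each result line, then compare every copy that is not in WinSxS against the component-store copies by MD5. A live System32 or SysWOW64 file whose hash matches no component-store copy deserves a closer look; a replacement file staged at C:\ that matches none is a build this machine has never serviced, which is worth knowing before it is copied over the live file. The sample input is the log above; the order of the two bracketed timestamps (creation, then last-write) is inferred from the staged copies in that log and is an assumption.

```python
"""Compare live System32/SysWOW64 copies of a DLL against the WinSxS
component-store copies, using the MD5s in a SystemLook ':filefind' log.

Added example for this thread; it is not SystemLook's own code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the filefind result lines posted above (copied, not constructed).
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "dnsapi.dll"
C:\dnsapi.dll --a---- 270336 bytes [16:17 21/09/2015] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll --a---- 680256 bytes [10:30 10/07/2015] [10:30 10/07/2015] (Unable to calculate MD5)
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [13:02 24/08/2015] 02E7C7162BB8CA92B7093EF19AA2E283
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] D849F15BB233A76748C243F86824F48B
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [10:41 27/03/2015] [13:02 24/08/2015] 54545DE7B692CDFBA9EE6835C9E06120
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [13:02 24/08/2015] 18D1003DDE422E2B19711E008CE84C4E
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] F0E2C5C0074DB584F959D0248272BDCF
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [10:41 27/03/2015] [13:02 24/08/2015] 7979730B4079C934EEE31078CDE72A5D
Searching for "dnsapi1.dll"
C:\dnsapi1.dll --a---- 357888 bytes [16:18 21/09/2015] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
-= EOF =-
"""

# One result line: <path> <attrs> <size> bytes [ts] [ts] <MD5 | (Unable to calculate MD5)>
# The two timestamps are read here as creation then last-write; that order is
# inferred from the staged copies in the log above (assumption, not from docs).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    modified: str
    md5: Optional[str]  # None when SystemLook could not hash the file


def parse_filefind(text: str) -> List[Entry]:
    """Return one Entry per result line; headers and the EOF marker are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        md5 = m.group("md5").upper()
        entries.append(Entry(path=m.group("path"), size=int(m.group("size")),
                             modified=m.group("modified"),
                             md5=None if md5.startswith("(") else md5))
    return entries


def is_store_copy(path: str) -> bool:
    """True for files inside this install's component store (C:\\Windows\\winsxs)."""
    return path.lower().startswith("c:\\windows\\winsxs\\")


def is_live_copy(path: str) -> bool:
    """True for the copies the running OS actually loads."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") or p.startswith("c:\\windows\\syswow64\\")


def store_matches(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map every non-WinSxS copy to the component-store copies sharing its MD5.

    An empty list means no build serviced on this machine has that hash."""
    by_md5: Dict[str, List[str]] = {}
    for e in entries:
        if is_store_copy(e.path) and e.md5:
            by_md5.setdefault(e.md5, []).append(e.path)
    return {e.path: by_md5.get(e.md5, []) for e in entries if not is_store_copy(e.path)}


def unmatched_live(entries: List[Entry]) -> List[str]:
    """Live System32/SysWOW64 copies whose hash matches no WinSxS copy."""
    return sorted(path for path, hits in store_matches(entries).items()
                  if is_live_copy(path) and not hits)


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for path, hits in store_matches(found).items():
        print(path, "->", hits or "no component-store copy with this MD5")
    print("live copies with no store match:", unmatched_live(found))
```

Run it as-is to see each non-WinSxS copy paired with the component-store paths that share its hash. The $Windows.~BT entries carry no MD5 and so never match anything; that is SystemLook reporting it could not hash them, not evidence of tampering.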
Old 09-21-2015, 02:19 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Microsoft Most Valuable Professional

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10
Hello again, Fabiana. Great job!

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
FCopy::
c:\dnsapi1.dll | c:\windows\system32\dnsapi.dll
c:\dnsapi.dll | c:\windows\SysWow64\dnsapi.dll

File::
C:\Windows\SysWOW64\Drivers\igxkxz_586.set
C:\Windows\SysWOW64\Drivers\diusvhm262.dat
C:\Windows\d_oirotq229.ini
C:\Windows\SysWOW64\Drivers\ggxkxz_414.set
C:\Windows\SysWOW64\Drivers\fiusvhm381.dat
C:\Windows\i_oirotq582.ini

ClearJavaCache::

Folder::
c:\program files (x86)\Common Files\IObit
c:\program files (x86)\Lavasoft

DDS::
Trusted Zone: webcompanion.com

Registry::
[HKEY_USERS\S-1-5-21-1839603052-2887386497-1392975552-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Web Companion"=-

DirLook::
c:\users\User\AppData\Roaming\ppslog
c:\windows\system32\gigr
C:\WINDOWS\Tasks\ImCleanDisabled

Driver::
0059511442521444mcinstcleanup
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------