Virus Alert from WIN10

This is a discussion on Virus Alert from WIN10 within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 02-09-2016, 03:59 AM   #1
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Hi. I downloaded a program which immediately triggered Win10 with a voice-activated alert to call a pre-programmed number. I was not sure if it was a virus in itself or not. I downloaded SUPERAntiSpyware and ran it; it detected over 1000 pieces of malware and tracking cookies.

The problem I'm experiencing now is that I think I might still have something (not being picked up by SUPERAntiSpyware or Windows Defender).

My screen, whilst browsing the internet, will get distorted and return to normal after a few moments of panic, or if I have one program open over another they will change position: a minimized program will become full screen over the one I'm working on.

Below is the DDS.txt.

Please find Attach.txt attached.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.73.2
Run by JoosS at 21:40:33 on 2016-02-09
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.3983.1574 [GMT 10:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
JoosS is offline  
Old 02-12-2016, 08:54 PM   #2
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Is there anyone out there who can assist me with my virus/spyware issues?
JoosS is offline  
Old 02-14-2016, 06:45 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please do not format or bold your logs.

Also, it appears you didn't post the entire DDS.txt log. Most of the bottom is missing.

Make sure you post entire logs going forward. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-14-2016, 08:44 PM   #4
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



AdwCleaner - Log File

# AdwCleaner v5.033 - Logfile created 15/02/2016 at 14:38:36
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : JoosS - JOOS
# Running from : C:\Users\JoosS\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\compfix
[-] Folder Deleted : C:\ProgramData\WindoWeatherConfig
[-] Folder Deleted : C:\ProgramData\{015bf6bb-3190-1}
[-] Folder Deleted : C:\ProgramData\{0624f7ed-0190-0}
[-] Folder Deleted : C:\ProgramData\{32401a03-095b-cdc8-3240-01a03095680c}
[-] Folder Deleted : C:\Users\JoosS\AppData\Local\MalwareProtectionLive
[-] Folder Deleted : C:\Users\JoosS\AppData\Local\TrailerTime
[-] Folder Deleted : C:\Users\JoosS\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\JoosS\AppData\Roaming\mysites123
[-] Folder Deleted : C:\Users\JoosS\AppData\Roaming\TrailerTime
[-] Folder Deleted : C:\Users\JoosS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrailerTime
[-] Folder Deleted : C:\Users\JoosS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WindoWeather

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mysites123.xml
[-] File Deleted : C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\f1973def-aba4-26ba-0d42-7b716c815b39
[-] Key Deleted : HKLM\SOFTWARE\shopperz030220160925
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f988423}
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TrailerTime
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\mysites123Software
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysites123
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrailerTime
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindoWeather
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{24e6215e-5224-4bb2-b65f-09f305788f6a} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d92d2e84-14c4-43b5-aa6f-27b07be4c2f5} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{dca0e6f2-5bff-4159-830a-768c584f4003} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{24e6215e-5224-4bb2-b65f-09f305788f6a} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d92d2e84-14c4-43b5-aa6f-27b07be4c2f5} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{dca0e6f2-5bff-4159-830a-768c584f4003} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TrailerTime]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WindoWeather]

***** [ Web browsers ] *****

[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "mysites123");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.EFRB1tWrRxE5WiCb.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.KUH8YokwogVbaTl7.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.WrawuTysx1jjMp2y.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.aofhFY9d31kFbNI3.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.cFDfDnyg6fgrrqg1.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.grzm3JOmdaINMXX6.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.uFVXT846ScO6psAl.scode", "(function(){try{if(window.location.href.indexOf(\"rjg5qjYHqHkEqdY8qHw4rjk5qHC\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("extensions.wips.stats.last_false_url", "www.istartsurf.com");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_executeCode", "not set");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_lastUpdate", "14544878684338641454487868435");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_redirectURL", "not set");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_referer", "not set");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_status", "active");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_VBATES_whiteList", "not set");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_installer_name", "vbates_brwyauex-00-Brodyone_.exe");
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("{93611CAD-B11B-4BA2-bCCE-3199218512E0}.ScriptData_temp_installer_name", "vbates_brwyauex-00-Brodyone_.exe");
[-] [C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11686 bytes] ##########
JoosS is offline  
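As an added example (not part of AdwCleaner, DDS or the posts in this thread), the Python script below parses the AdwCleaner log format shown in the reply above and groups each removed item by what it means for a defender: autostart persistence via a Run key, a reverted DNS NameServer override, a rogue root certificate, and browser search or extension changes. The sample input reuses a handful of entries from that log; the category labels and severity ranking are this example's own, not AdwCleaner's.

```python
"""Triage helper for the AdwCleaner log format posted in this thread.

Added example; it is not part of AdwCleaner or of the original posts.
It parses the '[-] <Action> : <target>' entries and groups each removed item
by what it means for a defender, so the high-signal findings surface first.
"""
import re
from collections import Counter

# Sample input: a handful of entries reused from the AdwCleaner log above.
ADW_SAMPLE = r"""
# AdwCleaner v5.033 - Logfile created 15/02/2016 at 14:38:36
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\JoosS\AppData\Roaming\TrailerTime
***** [ Files ] *****
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mysites123.xml
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TrailerTime]
***** [ Web browsers ] *****
[-] [C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
"""

# One cleaned item per line. Browser entries carry a "[file] [kind]" prefix,
# registry/file entries do not; section headers ("***** [ ... ] *****") and
# "#" comment lines never match.
ENTRY = re.compile(
    r"^\[-\] (?:\[(?P<file>.+?)\] \[(?P<kind>[^\]]+)\] )?"
    r"(?P<action>[A-Za-z]+(?: [A-Za-z]+)?) : (?P<target>.+)$"
)

# (label, severity 1-3, predicate over (kind, target)); first match wins.
# The labels and ranking are this example's own, not AdwCleaner's.
RULES = [
    ("autostart persistence (Run key)", 3,
     lambda k, t: r"\CurrentVersion\Run [" in t),
    ("DNS override reverted (NameServer had been changed)", 3,
     lambda k, t: "[NameServer]" in t),
    ("rogue root CA certificate removed (TLS interception risk)", 3,
     lambda k, t: r"\SYSTEMCERTIFICATES\ROOT\CERTIFICATES" in t.upper()),
    ("browser extension removed", 2,
     lambda k, t: k == "Extension" or r"\Chrome\Extensions" in t),
    ("search hijack (search engine/provider changed)", 2,
     lambda k, t: k == "Default_Search_Provider" or "browser.search" in t
     or "searchplugins" in t.lower()),
    ("injected script stored in browser prefs", 2,
     lambda k, t: ".scode" in t),
    ("IE FEATURE_BROWSER_EMULATION override", 1,
     lambda k, t: "FEATURE_BROWSER_EMULATION" in t),
    ("uninstall entry", 1, lambda k, t: r"\Uninstall" in t),
]


def parse_entries(text):
    """Yield (action, kind, target) for every '[-]' entry in an AdwCleaner log."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("action"), m.group("kind") or "", m.group("target")


def classify(kind, target):
    """Map one entry to (label, severity); unmatched items are low-severity leftovers."""
    for label, severity, pred in RULES:
        if pred(kind, target):
            return label, severity
    return "other leftover (file, folder or registry key)", 1


def triage(text):
    """Return (findings sorted highest severity first, counts per label)."""
    findings = []
    for action, kind, target in parse_entries(text):
        label, severity = classify(kind, target)
        findings.append({"severity": severity, "label": label,
                         "action": action, "target": target})
    findings.sort(key=lambda f: -f["severity"])  # stable: log order kept within a tier
    return findings, dict(Counter(f["label"] for f in findings))


if __name__ == "__main__":
    findings, counts = triage(ADW_SAMPLE)
    for f in findings:
        print(f"[sev {f['severity']}] {f['label']}: {f['action']} -> {f['target']}")
    print(counts)
```

Point `triage()` at a full AdwCleaner[C#].txt to get the same ranked summary for a whole cleaning run; items the rules do not recognise fall into the low-severity leftover bucket rather than being dropped.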
Old 02-14-2016, 08:48 PM   #5
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Full DDS.txt; I missed quite a bit. My apologies. :-)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.73.2
Run by JoosS at 21:40:33 on 2016-02-09
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.3983.1574 [GMT 10:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JoosS\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\WinZip\FAHWindow64.exe
C:\Program Files\WinZip\WZUpdateNotifier.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Users\JoosS\AppData\Roaming\TrailerTime\TrailerTime.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Users\JoosS\AppData\Roaming\TrailerTime\TrailerTime.exe
C:\Users\JoosS\AppData\Roaming\TrailerTime\TrailerTime.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = Google
uDefault_Page_URL = Google
uDefault_Search_URL = Google
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\JoosS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_7AFF00F9C64263A54230E6321221B852] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [BingSvc] C:\Users\JoosS\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [OneDrive] "C:\Users\JoosS\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [WindoWeather] "C:\Program Files (x86)\WindoWeather\WindoWeather.exe" monetize
mRun: [TrailerTime] C:\Users\JoosS\AppData\Roaming\TrailerTime\TrailerTime.exe su
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\JoosS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FAH.lnk - C:\Program Files\WinZip\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\UPDATE~1.LNK - C:\Program Files\WinZip\WZUpdateNotifier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{24e6215e-5224-4bb2-b65f-09f305788f6a} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{dca0e6f2-5bff-4159-830a-768c584f4003} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-mSearch Page = Google
x64-mDefault_Page_URL = Google
x64-mDefault_Search_URL = Google
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TSSSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
FF - plugin: C:\Users\JoosS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
R0 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\WINDOWS\System32\drivers\TVALZFL.sys [2014-10-29 17208]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2014-3-19 319104]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-7 2787512]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-7-17 235008]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-9-27 328624]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-7-2 733696]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-8-31 246472]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2016-1-8 2869040]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-9-14 347488]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-5-28 604776]
R3 CeKbFilter;CeKbFilter;C:\WINDOWS\System32\drivers\CeKbFilter.sys [2014-10-29 20312]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-7-30 38976]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-3 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-9 310528]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-10-29 839896]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-8-31 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2015-12-8 53040]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2014-2-15 469064]
R3 TXEIx64;Intel(R) Trusted Execution Engine Interface ;C:\WINDOWS\System32\drivers\TXEIx64.sys [2014-1-16 88592]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-29 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2016-1-28 803856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-3 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-27 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-29 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-10-29 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-12-27 50240]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-7-2 822232]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-3 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-30 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-30 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-02-09 08:17:53 -------- d-----w- C:\Users\JoosS\AppData\Roaming\WinBatch
2016-02-09 08:03:08 0 ----a-w- C:\WINDOWS\SysWow64\RENEE3D.tmp
2016-02-09 08:00:02 -------- d-----w- C:\Users\JoosS\.oracle_jre_usage
2016-02-05 04:04:16 -------- d-----w- C:\Users\JoosS\AppData\Roaming\SUPERAntiSpyware.com
2016-02-05 04:04:01 -------- d---a-w- C:\Program Files\SUPERAntiSpyware
2016-02-05 04:04:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2016-02-04 22:52:32 144 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-04 07:36:36 -------- d-----w- C:\ProgramData\WindoWeatherConfig
2016-02-03 08:14:17 -------- d-----w- C:\uninst
2016-02-03 08:04:14 -------- d-----w- C:\Users\JoosS\AppData\Local\TrailerTime
2016-02-03 08:03:50 -------- d-----w- C:\Users\JoosS\AppData\Roaming\TrailerTime
2016-02-03 07:58:59 -------- d-----w- C:\Users\JoosS\AppData\Roaming\mysites123
2016-02-03 07:58:15 -------- d-----w- C:\ProgramData\07352a49-6697-1
2016-02-03 07:58:15 -------- d-----w- C:\ProgramData\07352a49-12f7-0
2016-02-02 17:18:56 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3A4213C-ADAE-41B0-94BC-495C35026474}\gapaengine.dll
2016-02-02 17:18:32 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2D017F0-70D8-4F8B-8391-ABEEE41FDF65}\mpengine.dll
2016-02-01 18:12:20 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-01-29 14:16:27 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28C7266A-D3E6-4AF6-B5DD-D6DBD6EA60DA}\gapaengine.dll
2016-01-28 15:46:59 6297088 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2016-01-20 19:33:15 -------- d-----w- C:\Program Files (x86)\Million Dollar Pips
2016-01-20 19:32:35 -------- d-----w- C:\Users\JoosS\AppData\Roaming\EAInstall
2016-01-20 19:28:31 -------- d---a-w- C:\Program Files (x86)\OANDA - MetaTrader
2016-01-19 10:51:29 -------- d---a-w- C:\Program Files (x86)\MetaTrader - Pepperstone
2016-01-12 22:28:01 2180128 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-01-12 22:28:00 3428864 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-01-12 22:26:59 275968 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
.
==================== Find3M ====================
.
2016-02-09 08:00:47 110176 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2016-02-04 22:39:41 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-01-16 06:37:05 202472 ----a-w- C:\WINDOWS\System32\wscapi.dll
2016-01-16 06:36:40 713568 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-01-16 06:36:31 1173344 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-01-16 06:34:51 513888 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-01-16 06:24:34 538632 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2016-01-16 06:23:47 8728920 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-01-16 06:23:44 369912 ----a-w- C:\WINDOWS\System32\audiodg.exe
2016-01-16 06:23:37 536256 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2016-01-16 06:23:36 848160 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-01-16 06:23:35 785088 ----a-w- C:\WINDOWS\System32\evr.dll
2016-01-16 06:23:33 408120 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2016-01-16 06:21:33 1750440 ----a-w- C:\WINDOWS\System32\WpcMon.exe
2016-01-16 06:20:58 6600904 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-01-16 06:20:56 431240 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2016-01-16 06:20:12 6971752 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-01-16 06:20:01 652312 ----a-w- C:\WINDOWS\SysWow64\evr.dll
2016-01-16 06:20:00 366224 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2016-01-16 06:19:59 709688 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-01-16 06:19:58 405568 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2016-01-16 06:16:49 5238360 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-01-16 06:13:32 1998168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-01-16 06:13:24 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-01-16 06:12:49 1415200 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-01-16 06:09:25 1089880 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2016-01-16 06:08:56 440152 ----a-w- C:\WINDOWS\System32\services.exe
2016-01-16 06:08:06 1174008 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-01-16 05:46:08 67072 ----a-w- C:\WINDOWS\System32\drivers\usbser.sys
2016-01-16 05:45:13 16986112 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-01-16 05:44:38 13824 ----a-w- C:\WINDOWS\System32\rastlsext.dll
2016-01-16 05:44:28 22394368 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-01-16 05:44:25 166400 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-01-16 05:43:19 97280 ----a-w- C:\WINDOWS\System32\winhttpcom.dll
2016-01-16 05:42:37 13824 ----a-w- C:\WINDOWS\System32\sscoreext.dll
2016-01-16 05:42:18 120320 ----a-w- C:\WINDOWS\System32\MapsBtSvc.dll
2016-01-16 05:41:11 55296 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2016-01-16 05:40:46 49152 ----a-w- C:\WINDOWS\System32\pcaui.exe
2016-01-16 05:40:12 106496 ----a-w- C:\WINDOWS\System32\rasauto.dll
2016-01-16 05:40:11 19456 ----a-w- C:\WINDOWS\System32\rasautou.exe
2016-01-16 05:40:05 11545088 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-01-16 05:39:18 149504 ----a-w- C:\WINDOWS\System32\FilterDS.dll
2016-01-16 05:38:42 406528 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-01-16 05:38:26 7979008 ----a-w- C:\WINDOWS\System32\mos.dll
2016-01-16 05:38:22 193024 ----a-w- C:\WINDOWS\System32\SimCfg.dll
2016-01-16 05:38:18 130560 ----a-w- C:\WINDOWS\System32\winbio.dll
2016-01-16 05:37:47 73728 ----a-w- C:\WINDOWS\System32\SMSRouter.dll
2016-01-16 05:37:43 190464 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2016-01-16 05:37:00 617984 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2016-01-16 05:37:00 274944 ----a-w- C:\WINDOWS\System32\DisplayManager.dll
2016-01-16 05:36:57 475648 ----a-w- C:\WINDOWS\System32\DDDS.dll
2016-01-16 05:36:46 160768 ----a-w- C:\WINDOWS\System32\SimAuth.dll
2016-01-16 05:36:17 638464 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-01-16 05:36:06 11776 ----a-w- C:\WINDOWS\SysWow64\rastlsext.dll
2016-01-16 05:35:03 13018624 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-01-16 05:34:59 590848 ----a-w- C:\WINDOWS\System32\SmsRouterSvc.dll
2016-01-16 05:34:55 79360 ----a-w- C:\WINDOWS\SysWow64\winhttpcom.dll
2016-01-16 05:34:38 477696 ----a-w- C:\WINDOWS\System32\srcore.dll
2016-01-16 05:34:33 275456 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2016-01-16 05:34:25 610816 ----a-w- C:\WINDOWS\System32\rastls.dll
2016-01-16 05:33:53 87040 ----a-w- C:\WINDOWS\SysWow64\MapsBtSvc.dll
2016-01-16 05:33:08 726528 ----a-w- C:\WINDOWS\System32\wlidcli.dll
2016-01-16 05:33:08 574976 ----a-w- C:\WINDOWS\System32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-16 05:32:30 41984 ----a-w- C:\WINDOWS\SysWow64\pcaui.exe
2016-01-16 05:32:13 621568 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
2016-01-16 05:31:58 343552 ----a-w- C:\WINDOWS\System32\SensorsApi.dll
2016-01-16 05:31:54 17408 ----a-w- C:\WINDOWS\SysWow64\rasautou.exe
2016-01-16 05:31:36 851456 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2016-01-16 05:31:30 794112 ----a-w- C:\WINDOWS\System32\winhttp.dll
2016-01-16 05:31:28 440320 ----a-w- C:\WINDOWS\System32\CredProvDataModel.dll
2016-01-16 05:30:35 2127360 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2016-01-16 05:30:19 157696 ----a-w- C:\WINDOWS\SysWow64\SimCfg.dll
2016-01-16 05:30:18 93696 ----a-w- C:\WINDOWS\SysWow64\winbio.dll
2016-01-16 05:30:06 1053696 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-01-16 05:29:56 1500672 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2016-01-16 05:29:06 200704 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2016-01-16 05:28:52 129024 ----a-w- C:\WINDOWS\SysWow64\SimAuth.dll
2016-01-16 05:28:14 884736 ----a-w- C:\WINDOWS\System32\rasdlg.dll
2016-01-16 05:28:03 2624512 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-01-16 05:28:02 9918976 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2016-01-16 05:28:02 1318912 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2016-01-16 05:26:52 535040 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2016-01-16 05:26:14 345600 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-01-16 05:26:11 260608 ----a-w- C:\WINDOWS\System32\MTFServer.dll
2016-01-16 05:26:09 175616 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-01-16 05:25:59 235008 ----a-w- C:\WINDOWS\System32\MTF.dll
2016-01-16 05:25:39 510976 ----a-w- C:\WINDOWS\SysWow64\wlidcli.dll
2016-01-16 05:25:21 457728 ----a-w- C:\WINDOWS\System32\ipnathlp.dll
2016-01-16 05:24:56 2057216 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-01-16 05:24:44 273408 ----a-w- C:\WINDOWS\SysWow64\SensorsApi.dll
2016-01-16 05:24:29 18678272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-01-16 05:24:13 613888 ----a-w- C:\WINDOWS\SysWow64\winhttp.dll
2016-01-16 05:24:13 350720 ----a-w- C:\WINDOWS\SysWow64\CredProvDataModel.dll
2016-01-16 05:23:07 2050048 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2016-01-16 05:20:40 1944576 ----a-w- C:\WINDOWS\SysWow64\InputService.dll
2016-01-16 05:20:38 2597888 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2016-01-16 05:20:22 799744 ----a-w- C:\WINDOWS\SysWow64\rasdlg.dll
2016-01-16 05:20:18 7199232 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2016-01-16 05:19:33 733184 ----a-w- C:\WINDOWS\System32\rasapi32.dll
2016-01-16 05:19:08 162816 ----a-w- C:\WINDOWS\SysWow64\MTF.dll
.
============= FINISH: 21:40:53.39 ===============
Old 02-14-2016, 09:03 PM   #6
Registered Member
Join Date: Feb 2016
Posts: 20
OS: Win 10

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by JoosS (administrator) on JOOS (15-02-2016 14:55:57)
Running from C:\Users\JoosS\Desktop
Loaded Profiles: JoosS (Available Profiles: JoosS)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( 2015 Microsoft Corporation) C:\Users\JoosS\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-05] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-31] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-06] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [Google Update] => C:\Users\JoosS\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [GoogleChromeAutoLaunch_7AFF00F9C64263A54230E6321221B852] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [BingSvc] => C:\Users\JoosS\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] ( 2015 Microsoft Corporation)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-12-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2015-12-22]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-12-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\JoosS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{24e6215e-5224-4bb2-b65f-09f305788f6a}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{d92d2e84-14c4-43b5-aa6f-27b07be4c2f5}: [DhcpNameServer] 82.163.143.164
Tcpip\..\Interfaces\{dca0e6f2-5bff-4159-830a-768c584f4003}: [DhcpNameServer] 82.163.143.164

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-35990545-1199930793-1543886939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.mytoshiba.com.au/start
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {1BA709E6-78C1-4C26-BC02-46DD4950DA31} URL =
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.google.com.au/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-35990545-1199930793-1543886939-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-35990545-1199930793-1543886939-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\JoosS\AppData\Roaming\Mozilla\Firefox\Profiles\28b3n4no.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com.au
CHR Profile: C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdThwart Legacy) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcpblpdkddoicgechaickbldbieccko [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (WidgetBlock) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol [2016-02-12]
CHR Extension: (Flashcontrol) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-07-15] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdSweep) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbdenjlkmp [2015-01-07]
CHR Extension: (Gmail) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-09] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-09-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-31] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-11-10] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-31] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 14:55 - 2016-02-15 14:56 - 00025187 _____ C:\Users\JoosS\Desktop\FRST.txt
2016-02-15 14:55 - 2016-02-15 14:55 - 00000000 ____D C:\FRST
2016-02-15 14:54 - 2016-02-15 14:55 - 02370560 _____ (Farbar) C:\Users\JoosS\Desktop\FRST64.exe
2016-02-15 14:35 - 2016-02-15 14:38 - 00000000 ____D C:\AdwCleaner
2016-02-15 14:33 - 2016-02-15 14:35 - 01508352 _____ C:\Users\JoosS\Desktop\AdwCleaner.exe
2016-02-12 11:30 - 2016-02-12 11:30 - 00000000 ____D C:\SUPERDelete
2016-02-12 11:24 - 2016-02-12 11:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-12 11:22 - 2016-02-12 11:22 - 00003882 _____ C:\WINDOWS\System32\Tasks\{BAA78AE3-CE3E-61CA-02A0-F818B005640F}
2016-02-12 11:22 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\18f8a002-7257-0
2016-02-12 11:22 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\18f8a002-43e5-0
2016-02-12 11:21 - 2016-02-12 11:21 - 00000000 ____D C:\ProgramData\64571f72
2016-02-10 19:32 - 2016-01-27 15:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 19:32 - 2016-01-27 15:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 19:32 - 2016-01-27 15:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 19:32 - 2016-01-27 15:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 19:32 - 2016-01-27 14:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 19:32 - 2016-01-27 14:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:32 - 2016-01-27 14:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:32 - 2016-01-27 14:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 19:31 - 2016-01-29 16:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 19:31 - 2016-01-29 16:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 19:31 - 2016-01-27 16:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 19:31 - 2016-01-27 16:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 19:31 - 2016-01-27 16:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:31 - 2016-01-27 16:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:31 - 2016-01-27 16:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:31 - 2016-01-27 15:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 19:31 - 2016-01-27 15:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 19:31 - 2016-01-27 15:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 19:31 - 2016-01-27 15:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 19:31 - 2016-01-27 15:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 19:31 - 2016-01-27 15:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 19:31 - 2016-01-27 15:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:31 - 2016-01-27 15:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 19:31 - 2016-01-27 15:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 19:31 - 2016-01-27 15:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:31 - 2016-01-27 15:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 19:31 - 2016-01-27 15:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 19:31 - 2016-01-27 15:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 19:31 - 2016-01-27 14:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 19:31 - 2016-01-27 14:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 19:31 - 2016-01-27 14:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:31 - 2016-01-27 14:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 19:31 - 2016-01-27 14:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 19:31 - 2016-01-27 14:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 19:31 - 2016-01-27 14:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:31 - 2016-01-27 14:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 19:31 - 2016-01-27 14:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 19:31 - 2016-01-27 14:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:31 - 2016-01-27 14:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:31 - 2016-01-27 14:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 19:31 - 2016-01-27 14:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 19:30 - 2016-01-27 15:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 19:30 - 2016-01-27 15:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 19:30 - 2016-01-27 15:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 19:30 - 2016-01-27 15:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 19:30 - 2016-01-27 15:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 19:30 - 2016-01-27 15:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 19:30 - 2016-01-27 15:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 19:30 - 2016-01-27 15:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 19:30 - 2016-01-27 15:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 19:30 - 2016-01-27 15:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 19:30 - 2016-01-27 15:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 19:30 - 2016-01-27 15:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:30 - 2016-01-27 15:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 19:30 - 2016-01-27 15:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 19:30 - 2016-01-27 15:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 19:30 - 2016-01-27 15:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 19:30 - 2016-01-27 15:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:30 - 2016-01-27 15:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 19:30 - 2016-01-27 15:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 19:30 - 2016-01-27 14:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 19:30 - 2016-01-27 14:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 19:30 - 2016-01-27 14:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 19:30 - 2016-01-27 14:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 19:30 - 2016-01-27 14:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:16 - 2016-02-10 19:16 - 00000000 ____D C:\ProgramData\Compal
2016-02-09 21:41 - 2016-02-09 21:41 - 00018341 _____ C:\Users\JoosS\Desktop\attach.txt
2016-02-09 21:41 - 2016-02-09 21:40 - 00039346 _____ C:\Users\JoosS\Desktop\dds.txt
2016-02-09 21:37 - 2016-02-09 21:37 - 00688992 ____R (Swearware) C:\Users\JoosS\Downloads\dds.scr
2016-02-09 18:17 - 2016-02-09 18:17 - 00000000 ____D C:\Users\JoosS\AppData\Roaming\WinBatch
2016-02-09 18:03 - 2016-02-09 18:03 - 00000000 _____ C:\WINDOWS\SysWOW64\RENEE3D.tmp
2016-02-09 18:00 - 2016-02-09 18:01 - 00000000 ____D C:\Users\JoosS\.oracle_jre_usage
2016-02-09 18:00 - 2016-02-09 18:00 - 00000000 ____D C:\Users\JoosS\AppData\Roaming\Sun
2016-02-07 20:11 - 2016-02-07 21:32 - 00000000 ____D C:\Users\JoosS\Desktop\Foto's for picture frame
2016-02-05 14:04 - 2016-02-15 14:04 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9bea59ce-6d52-4ddb-9ec8-067c30451bb7.job
2016-02-05 14:04 - 2016-02-15 02:00 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 92a35a23-8fb4-4739-9808-bd681e26ced7.job
2016-02-05 14:04 - 2016-02-05 14:04 - 00003738 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 92a35a23-8fb4-4739-9808-bd681e26ced7
2016-02-05 14:04 - 2016-02-05 14:04 - 00003656 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 9bea59ce-6d52-4ddb-9ec8-067c30451bb7
2016-02-05 14:04 - 2016-02-05 14:04 - 00001860 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-02-05 14:04 - 2016-02-05 14:04 - 00000000 ____D C:\Users\JoosS\AppData\Roaming\SUPERAntiSpyware.com
2016-02-05 14:04 - 2016-02-05 14:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-02-05 14:04 - 2016-02-05 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-05 14:04 - 2016-02-05 14:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-05 14:02 - 2016-02-05 14:03 - 24481920 _____ (SUPERAntiSpyware) C:\Users\JoosS\Downloads\SUPERAntiSpyware.exe
2016-02-05 09:22 - 2016-02-05 09:25 - 52988120 _____ (Microsoft Corporation) C:\Users\JoosS\Downloads\Windows-KB890830-x64-V5.32.exe
2016-02-05 08:52 - 2016-02-05 08:52 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-03 18:29 - 2016-02-12 12:27 - 00265906 _____ C:\WINDOWS\ntbtlog.txt
2016-02-03 18:14 - 2016-02-04 17:46 - 00000000 ____D C:\uninst
2016-02-03 18:14 - 2016-02-03 18:14 - 00003402 _____ C:\WINDOWS\System32\Tasks\Uyzhlooe
2016-02-03 18:14 - 2016-02-03 18:14 - 00000000 ____D C:\Users\JoosS\AppData\LocalLow\Company
2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-6697-1
2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-12f7-0
2016-02-03 17:58 - 2016-02-03 17:58 - 00026414 _____ C:\WINDOWS\System32\Tasks\DNSNAPOLEON
2016-02-03 17:58 - 2016-02-03 17:58 - 00022666 _____ C:\WINDOWS\System32\Tasks\{090D0D47-0B0E-7E0C-0E11-0508790E117A}
2016-02-03 17:58 - 2016-02-03 17:58 - 00003834 _____ C:\WINDOWS\System32\Tasks\DNS Monitoring
2016-02-03 17:19 - 2016-02-03 17:19 - 01083606 _____ C:\Users\JoosS\Downloads\Global Trade Station 2 Downloa Downloader.rar
2016-02-03 16:43 - 2016-02-03 18:07 - 00000000 ____D C:\Users\JoosS\Desktop\Newest Arb
2016-02-03 03:43 - 2016-02-03 03:43 - 00001974 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-03 03:43 - 2016-02-03 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-29 01:47 - 2016-01-16 16:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-29 01:47 - 2016-01-16 16:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-29 01:47 - 2016-01-16 15:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-29 01:47 - 2016-01-16 15:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-29 01:46 - 2016-01-16 16:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-29 01:46 - 2016-01-16 16:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-29 01:46 - 2016-01-16 16:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-29 01:46 - 2016-01-16 16:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-29 01:46 - 2016-01-16 16:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-29 01:46 - 2016-01-16 16:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-29 01:46 - 2016-01-16 16:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-29 01:46 - 2016-01-16 16:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-29 01:46 - 2016-01-16 16:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-29 01:46 - 2016-01-16 16:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-29 01:46 - 2016-01-16 16:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-29 01:46 - 2016-01-16 16:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-29 01:46 - 2016-01-16 16:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-29 01:46 - 2016-01-16 16:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-29 01:46 - 2016-01-16 16:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-29 01:46 - 2016-01-16 16:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-29 01:46 - 2016-01-16 16:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-29 01:46 - 2016-01-16 16:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-29 01:46 - 2016-01-16 16:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-29 01:46 - 2016-01-16 16:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-29 01:46 - 2016-01-16 15:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-29 01:46 - 2016-01-16 15:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-29 01:46 - 2016-01-16 15:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-29 01:46 - 2016-01-16 15:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-29 01:46 - 2016-01-16 15:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-29 01:46 - 2016-01-16 15:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-29 01:46 - 2016-01-16 15:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-29 01:46 - 2016-01-16 15:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-29 01:46 - 2016-01-16 15:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-29 01:46 - 2016-01-16 15:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-29 01:46 - 2016-01-16 15:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-29 01:46 - 2016-01-16 15:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-29 01:46 - 2016-01-16 15:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-29 01:46 - 2016-01-16 15:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-29 01:46 - 2016-01-16 15:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-29 01:46 - 2016-01-16 15:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-29 01:46 - 2016-01-16 15:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-29 01:46 - 2016-01-16 15:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-29 01:46 - 2016-01-16 15:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-29 01:46 - 2016-01-16 15:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-29 01:46 - 2016-01-16 15:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-29 01:46 - 2016-01-16 15:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-29 01:46 - 2016-01-16 15:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-29 01:46 - 2016-01-16 15:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-29 01:46 - 2016-01-16 15:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-29 01:46 - 2016-01-16 15:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-29 01:46 - 2016-01-16 15:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-29 01:46 - 2016-01-16 15:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-29 01:46 - 2016-01-16 15:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-29 01:46 - 2016-01-16 15:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-29 01:46 - 2016-01-16 15:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-29 01:46 - 2016-01-16 15:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-29 01:46 - 2016-01-16 15:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-29 01:46 - 2016-01-16 15:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 01:46 - 2016-01-16 15:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-29 01:46 - 2016-01-16 15:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-29 01:46 - 2016-01-16 15:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-29 01:46 - 2016-01-16 15:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-29 01:46 - 2016-01-16 15:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-29 01:46 - 2016-01-16 15:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-29 01:46 - 2016-01-16 15:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-29 01:46 - 2016-01-16 15:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-29 01:46 - 2016-01-16 15:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-29 01:46 - 2016-01-16 15:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-29 01:46 - 2016-01-16 15:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-29 01:46 - 2016-01-16 15:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-29 01:46 - 2016-01-16 15:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-29 01:46 - 2016-01-16 15:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-29 01:46 - 2016-01-16 15:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-29 01:46 - 2016-01-16 15:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-29 01:46 - 2016-01-16 15:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-29 01:46 - 2016-01-16 15:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-29 01:46 - 2016-01-16 15:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-29 01:46 - 2016-01-16 15:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-29 01:46 - 2016-01-16 15:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-29 01:46 - 2016-01-16 15:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-29 01:46 - 2016-01-16 15:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-29 01:46 - 2016-01-16 15:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-29 01:46 - 2016-01-16 15:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-29 01:46 - 2016-01-16 15:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-29 01:46 - 2016-01-16 15:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-29 01:46 - 2016-01-16 15:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-29 01:46 - 2016-01-16 15:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-29 01:46 - 2016-01-16 15:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-29 01:46 - 2016-01-16 15:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-29 01:46 - 2016-01-16 15:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-29 01:46 - 2016-01-16 15:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-29 01:46 - 2016-01-16 15:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-29 01:46 - 2016-01-16 15:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-29 01:46 - 2016-01-16 15:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-29 01:46 - 2016-01-16 15:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-29 01:46 - 2016-01-16 15:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-29 01:46 - 2016-01-16 15:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-29 01:46 - 2016-01-16 15:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-29 01:46 - 2016-01-16 15:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-29 01:46 - 2016-01-16 15:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 01:46 - 2016-01-16 15:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-29 01:46 - 2016-01-16 15:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-29 01:46 - 2016-01-16 15:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-29 01:46 - 2016-01-16 15:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-29 01:46 - 2016-01-16 15:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-29 01:46 - 2016-01-16 15:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-29 01:46 - 2016-01-16 15:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-29 01:46 - 2016-01-16 15:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-21 09:02 - 2016-02-09 17:39 - 00000000 ____D C:\Users\JoosS\Desktop\Million Dollar Pips
2016-01-21 05:33 - 2016-02-09 17:39 - 00000000 ____D C:\Program Files (x86)\Million Dollar Pips
2016-01-21 05:33 - 2016-01-21 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Million Dollar Pips
2016-01-21 05:32 - 2016-01-21 05:32 - 00000000 ____D C:\Users\JoosS\AppData\Roaming\EAInstall
2016-01-21 05:29 - 2016-01-21 05:29 - 00002055 _____ C:\Users\Public\Desktop\OANDA - MetaTrader.lnk
2016-01-21 05:29 - 2016-01-21 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OANDA - MetaTrader
2016-01-21 05:28 - 2016-01-21 05:36 - 00000000 ____D C:\Program Files (x86)\OANDA - MetaTrader
2016-01-19 20:55 - 2016-01-19 20:57 - 00000000 ____D C:\Users\JoosS\Desktop\FxSteam
2016-01-19 20:52 - 2016-01-19 20:52 - 00002109 _____ C:\Users\Public\Desktop\MetaTrader - Pepperstone.lnk
2016-01-19 20:52 - 2016-01-19 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - Pepperstone
2016-01-19 20:51 - 2016-02-08 11:46 - 00000000 ____D C:\Program Files (x86)\MetaTrader - Pepperstone
2016-01-19 20:50 - 2016-01-19 20:51 - 00676848 _____ (MetaQuotes Software Corp.) C:\Users\JoosS\Downloads\pepperstone4setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 14:50 - 2015-07-19 17:32 - 00000000 ____D C:\Users\JoosS\AppData\Roaming\Skype
2016-02-15 14:45 - 2015-11-29 14:52 - 00000000 ___RD C:\Users\JoosS\Dropbox
2016-02-15 14:45 - 2015-11-29 14:44 - 00000000 ____D C:\Users\JoosS\AppData\Local\Dropbox
2016-02-15 14:43 - 2015-11-29 14:44 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-15 14:41 - 2015-12-26 20:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-15 14:41 - 2015-11-29 14:44 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-15 14:41 - 2015-11-09 07:50 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 14:41 - 2015-08-31 13:14 - 00000000 __SHD C:\Users\JoosS\IntelGraphicsProfiles
2016-02-15 14:40 - 2015-10-30 16:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-15 14:30 - 2015-03-30 22:17 - 00002286 ____H C:\Users\JoosS\Documents\Default.rdp
2016-02-15 14:07 - 2015-10-10 19:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-15 14:07 - 2015-04-13 13:52 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-35990545-1199930793-1543886939-1001UA.job
2016-02-15 14:06 - 2015-11-09 07:50 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-15 13:59 - 2015-08-03 13:59 - 00000420 _____ C:\WINDOWS\Tasks\GiantFunds.job
2016-02-15 12:22 - 2015-10-23 09:03 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B88B7C2-76C1-4461-9111-10C299A5F2B5}
2016-02-15 06:07 - 2015-04-13 13:52 - 00000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-35990545-1199930793-1543886939-1001Core.job
2016-02-14 21:51 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-14 21:51 - 2015-08-31 10:09 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-14 21:34 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-14 20:51 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-14 20:45 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-14 18:06 - 2015-12-29 14:58 - 00013044 _____ C:\Users\JoosS\Desktop\Trade Account Login Details.xlsx
2016-02-12 11:32 - 2014-10-29 03:17 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-02-12 11:21 - 2015-01-07 18:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-12 06:45 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 06:09 - 2015-01-07 18:49 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 06:09 - 2015-01-07 18:49 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-10 20:00 - 2015-01-13 11:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 19:52 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 19:52 - 2015-01-13 11:48 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 19:16 - 2014-05-23 11:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-10 19:13 - 2014-05-23 11:30 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-10 19:09 - 2014-10-29 02:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-10 19:07 - 2014-05-23 11:30 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-02-09 18:06 - 2014-05-23 11:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-09 18:04 - 2015-01-07 22:02 - 00000000 ____D C:\ProgramData\Oracle
2016-02-09 18:03 - 2015-01-27 18:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-09 18:03 - 2015-01-27 17:56 - 00000000 ____D C:\Program Files\Java
2016-02-09 18:02 - 2015-01-07 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-09 18:00 - 2015-12-26 19:52 - 00000000 ____D C:\Users\JoosS
2016-02-09 18:00 - 2015-01-27 17:57 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-02-07 10:27 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-05 08:39 - 2015-08-03 16:02 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-05 08:22 - 2015-08-31 13:20 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-02-04 05:01 - 2016-01-01 10:11 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-04 05:01 - 2016-01-01 10:11 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-03 19:12 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-03 19:11 - 2015-07-24 14:46 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-03 19:11 - 2015-07-24 14:46 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-03 17:55 - 2015-01-07 18:14 - 00000000 ____D C:\Users\JoosS\AppData\Local\VirtualStore
2016-02-03 16:46 - 2015-01-07 18:14 - 00000000 ____D C:\Users\JoosS\AppData\Local\Packages
2016-02-03 06:02 - 2015-04-13 13:52 - 00004032 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-35990545-1199930793-1543886939-1001UA
2016-02-03 06:02 - 2015-04-13 13:52 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-35990545-1199930793-1543886939-1001Core
2016-02-03 03:43 - 2015-12-31 16:10 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-02-03 03:42 - 2015-12-31 16:10 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-02 04:01 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-31 07:01 - 2015-11-09 07:50 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-31 07:01 - 2015-11-09 07:50 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-22 05:31 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 05:29 - 2015-01-07 18:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 05:39 - 2011-05-23 11:43 - 05073240 _____ (Microsoft Corporation) C:\Users\JoosS\Downloads\vcredist_x86.exe
2016-01-20 22:18 - 2015-12-15 17:29 - 00373847 _____ C:\Users\JoosS\Desktop\P&L Book.xlsx

==================== Files in the root of some directories =======

2015-08-03 16:31 - 2015-08-03 16:31 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-03 16:25 - 2015-08-03 16:25 - 0000024 _____ () C:\Users\JoosS\AppData\Roaming\appdataFr25.bin
2015-12-26 19:47 - 2015-12-26 19:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\JoosS\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-14 21:28

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (55.2 KB, 41 views)
Old 02-15-2016, 12:54 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello JoosS.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {0B7AFD8C-012F-439B-AE5F-8C55F90DA56A} - System32\Tasks\GiantFunds => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
    Task: {0BD1CDC0-AD89-4507-8F79-FA7104C2649B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0F2925ED-FA77-460D-A68C-D2D2903798F7} - System32\Tasks\Uyzhlooe => C:\PROGRA~1\SHOPPE~1\Denlujq.bat
    Task: {17910582-0019-4727-85AA-0C0D30A5321F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {312C8A77-004B-4E21-9F9A-906EFBB0C2C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3AE795A4-D396-4CB7-BAF9-7CB5BDC182CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {83E10A75-367B-4D8C-B645-C90129F82FC1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {85F6AD0C-5F88-47FD-B03F-3C1A6D3D1B91} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8E5AA559-C739-4BE8-BA39-18E9D2E0DC20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A5D3E38A-9604-4234-8439-CC7381553816} - System32\Tasks\DNSNAPOLEON => C:\Program Files (x86)\DNS Unlocker\dnsnapoleon.exe
    Task: {B5B7C38B-8C17-45D2-9A1B-40D50F994F12} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E1218C98-9EE0-4701-A23B-2022C96809A0} - System32\Tasks\DNS Monitoring => /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL"
    Task: {E38A16E6-18A6-4943-A599-DD50810B15D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {E5AF3FDE-D927-434F-BB4B-39804C2F6D05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FC5CE043-77B6-45A5-8786-777BD1CD0DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GiantFunds.job => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {1BA709E6-78C1-4C26-BC02-46DD4950DA31} URL =
    SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
    CHR Extension: (Google Slides) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    CHR Extension: (Google Docs) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    CHR Extension: (Google Drive) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    CHR Extension: (AdThwart Legacy) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcpblpdkddoicgechaickbldbieccko [2015-01-07]
    CHR Extension: (Adblock Plus) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    CHR Extension: (Google Search) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Google Sheets) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    CHR Extension: (Google Docs Offline) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
    CHR Extension: (WidgetBlock) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol [2016-02-12]
    CHR Extension: (Flashcontrol) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-07-15] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
    2016-02-03 18:14 - 2016-02-04 17:46 - 00000000 ____D C:\uninst
    2016-02-03 18:14 - 2016-02-03 18:14 - 00003402 _____ C:\WINDOWS\System32\Tasks\Uyzhlooe
    2016-02-03 18:14 - 2016-02-03 18:14 - 00000000 ____D C:\Users\JoosS\AppData\LocalLow\Company
    2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-6697-1
    2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-12f7-0
    2016-02-03 17:58 - 2016-02-03 17:58 - 00026414 _____ C:\WINDOWS\System32\Tasks\DNSNAPOLEON
    2016-02-03 17:58 - 2016-02-03 17:58 - 00022666 _____ C:\WINDOWS\System32\Tasks\{090D0D47-0B0E-7E0C-0E11-0508790E117A}
    2016-02-03 17:58 - 2016-02-03 17:58 - 00003834 _____ C:\WINDOWS\System32\Tasks\DNS Monitoring
    C:\Program Files (x86)\DNS Unlocker
    C:\PROGRA~1\SHOPPE~1
    Folder: C:\ProgramData\18f8a002-7257-0
    Folder: C:\ProgramData\18f8a002-43e5-0
    Folder: C:\ProgramData\64571f72
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Please go here > DNSUnlocker Ads Removal Guide

then scroll down to the bottom and carry out steps 22 and 23. Let me know if you were successful.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
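The fixlist in the post above is a hand-picked set of FRST entries (scheduled tasks, Chrome extensions, per-user CLSID registrations) that the helper decided to remove. The following Python script is an added example, not part of the thread and not FRST's own code: it parses those three entry types and states *why* each line is worth a second look instead of only copying FRST's `<==== ATTENTION` marker. The sample lines are copied from the fixlist above; the heuristics (8.3 short-name paths, GUID-named ProgramData folders, batch-file targets, extension update hosts outside `google.com`) and the `TRUSTED_UPDATE_HOSTS` tuple are this example's own assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example (not FRST's code). Parses Task, CHR Extension and CustomCLSID
entries and attaches a list of reasons explaining why an entry is suspicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ATTENTION = " <==== ATTENTION"
# Assumption: legitimate Chrome Web Store extensions update from *.google.com.
TRUSTED_UPDATE_HOSTS = ("google.com",)

CHR_RE = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \[UpdateUrl: (?P<url>[^\]]+)\])?$"
)
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<target>.+?)(?: => (?P<status>.+))?$")

# Constructed sample: lines copied from the fixlist in this thread plus one
# FRST directive ("EmptyTemp:") that the parser must ignore.
SAMPLE_LOG = r"""Task: {0B7AFD8C-012F-439B-AE5F-8C55F90DA56A} - System32\Tasks\GiantFunds => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
Task: {0BD1CDC0-AD89-4507-8F79-FA7104C2649B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0F2925ED-FA77-460D-A68C-D2D2903798F7} - System32\Tasks\Uyzhlooe => C:\PROGRA~1\SHOPPE~1\Denlujq.bat
Task: {A5D3E38A-9604-4234-8439-CC7381553816} - System32\Tasks\DNSNAPOLEON => C:\Program Files (x86)\DNS Unlocker\dnsnapoleon.exe
CHR Extension: (Google Docs) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
EmptyTemp:
"""


@dataclass
class Finding:
    kind: str                      # "task", "chr_extension" or "custom_clsid"
    name: str                      # task path, extension name or registry key
    target: str                    # what the entry launches, loads or updates from
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _host(url: str) -> str:
    """Host part of a URL; FRST defangs the scheme (hxxps), so strip any scheme."""
    return re.sub(r"^[a-z]+://", "", url, flags=re.I).split("/", 1)[0].lower()


def _apply_heuristics(f: Finding) -> None:
    """Example heuristics (assumptions, not FRST logic) for why an entry matters."""
    t = f.target.lower()
    if f.kind == "task":
        if t == "no file":
            f.reasons.append("task points at a file that no longer exists (orphaned entry)")
        if "~" in t:
            f.reasons.append("8.3 short-name path hides the real folder name")
        if re.search(r"\\programdata\\\{", t):
            f.reasons.append("runs from a GUID-named ProgramData folder")
        if t.endswith(".bat"):
            f.reasons.append("task launches a batch script")
    elif f.kind == "chr_extension" and f.target:
        host = _host(f.target)
        trusted = host in TRUSTED_UPDATE_HOSTS or host.endswith(
            tuple("." + h for h in TRUSTED_UPDATE_HOSTS))
        if not trusted:
            f.reasons.append(f"extension updates from untrusted host {host}")


def parse_line(line: str) -> Optional[Finding]:
    """Parse one FRST line; return None for lines of a type we do not handle."""
    line = line.rstrip()
    flagged = line.endswith(ATTENTION)
    body = line[: -len(ATTENTION)] if flagged else line
    finding = None
    if body.startswith("Task: "):
        rest = body[len("Task: "):]
        for sep in (" => ", " -> "):          # "=>" resolved target, "->" unresolved
            if sep in rest:
                name, target = rest.split(sep, 1)
                finding = Finding("task", name, target)
                break
    elif body.startswith("CHR Extension: "):
        m = CHR_RE.match(body)
        if m:
            finding = Finding("chr_extension", m["name"], m["url"] or "")
    elif body.startswith("CustomCLSID: "):
        m = CLSID_RE.match(body)
        if m:
            finding = Finding("custom_clsid", m["key"], m["target"])
            if m["status"] == "No File":
                finding.reasons.append("InprocServer32 DLL is missing (stale per-user COM registration)")
    if finding is None:
        return None
    if flagged:
        finding.reasons.append("flagged by FRST (<==== ATTENTION)")
    _apply_heuristics(finding)
    return finding


def triage(text: str) -> List[Finding]:
    return [f for f in (parse_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    """Count suspicious entries per kind."""
    counts: dict = {}
    for f in findings:
        if f.suspicious:
            counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}")
        for r in f.reasons:
            print("    -", r)
    print(summarize(triage(SAMPLE_LOG)))
```

Note what the heuristics do not catch: the `DNSNAPOLEON` task launching `DNS Unlocker\dnsnapoleon.exe` comes back with no reasons at all, yet it is in the helper's fixlist. Recognising that product as unwanted is analyst knowledge, which is why a script like this is a triage aid for reading FRST output, not a replacement for the helper's review.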
Old 02-16-2016, 04:05 AM   #8
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by JoosS (2016-02-16 21:45:02) Run:1
Running from C:\Users\JoosS\Desktop
Loaded Profiles: JoosS (Available Profiles: JoosS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\JoosS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0B7AFD8C-012F-439B-AE5F-8C55F90DA56A} - System32\Tasks\GiantFunds => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
Task: {0BD1CDC0-AD89-4507-8F79-FA7104C2649B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0F2925ED-FA77-460D-A68C-D2D2903798F7} - System32\Tasks\Uyzhlooe => C:\PROGRA~1\SHOPPE~1\Denlujq.bat
Task: {17910582-0019-4727-85AA-0C0D30A5321F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {312C8A77-004B-4E21-9F9A-906EFBB0C2C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3AE795A4-D396-4CB7-BAF9-7CB5BDC182CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {83E10A75-367B-4D8C-B645-C90129F82FC1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {85F6AD0C-5F88-47FD-B03F-3C1A6D3D1B91} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8E5AA559-C739-4BE8-BA39-18E9D2E0DC20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A5D3E38A-9604-4234-8439-CC7381553816} - System32\Tasks\DNSNAPOLEON => C:\Program Files (x86)\DNS Unlocker\dnsnapoleon.exe
Task: {B5B7C38B-8C17-45D2-9A1B-40D50F994F12} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E1218C98-9EE0-4701-A23B-2022C96809A0} - System32\Tasks\DNS Monitoring => /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL"
Task: {E38A16E6-18A6-4943-A599-DD50810B15D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E5AF3FDE-D927-434F-BB4B-39804C2F6D05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC5CE043-77B6-45A5-8786-777BD1CD0DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GiantFunds.job => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {1BA709E6-78C1-4C26-BC02-46DD4950DA31} URL =
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
CHR Extension: (Google Slides) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdThwart Legacy) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcpblpdkddoicgechaickbldbieccko [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (WidgetBlock) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol [2016-02-12]
CHR Extension: (Flashcontrol) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-07-15] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
2016-02-03 18:14 - 2016-02-04 17:46 - 00000000 ____D C:\uninst
2016-02-03 18:14 - 2016-02-03 18:14 - 00003402 _____ C:\WINDOWS\System32\Tasks\Uyzhlooe
2016-02-03 18:14 - 2016-02-03 18:14 - 00000000 ____D C:\Users\JoosS\AppData\LocalLow\Company
2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-6697-1
2016-02-03 17:58 - 2016-02-12 11:22 - 00000000 ____D C:\ProgramData\07352a49-12f7-0
2016-02-03 17:58 - 2016-02-03 17:58 - 00026414 _____ C:\WINDOWS\System32\Tasks\DNSNAPOLEON
2016-02-03 17:58 - 2016-02-03 17:58 - 00022666 _____ C:\WINDOWS\System32\Tasks\{090D0D47-0B0E-7E0C-0E11-0508790E117A}
2016-02-03 17:58 - 2016-02-03 17:58 - 00003834 _____ C:\WINDOWS\System32\Tasks\DNS Monitoring
C:\Program Files (x86)\DNS Unlocker
C:\PROGRA~1\SHOPPE~1
Folder: C:\ProgramData\18f8a002-7257-0
Folder: C:\ProgramData\18f8a002-43e5-0
Folder: C:\ProgramData\64571f72
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B7AFD8C-012F-439B-AE5F-8C55F90DA56A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7AFD8C-012F-439B-AE5F-8C55F90DA56A}" => key removed successfully
C:\WINDOWS\System32\Tasks\GiantFunds => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GiantFunds" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BD1CDC0-AD89-4507-8F79-FA7104C2649B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BD1CDC0-AD89-4507-8F79-FA7104C2649B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F2925ED-FA77-460D-A68C-D2D2903798F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F2925ED-FA77-460D-A68C-D2D2903798F7}" => key removed successfully
C:\WINDOWS\System32\Tasks\Uyzhlooe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uyzhlooe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17910582-0019-4727-85AA-0C0D30A5321F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17910582-0019-4727-85AA-0C0D30A5321F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{312C8A77-004B-4E21-9F9A-906EFBB0C2C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{312C8A77-004B-4E21-9F9A-906EFBB0C2C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AE795A4-D396-4CB7-BAF9-7CB5BDC182CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AE795A4-D396-4CB7-BAF9-7CB5BDC182CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83E10A75-367B-4D8C-B645-C90129F82FC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83E10A75-367B-4D8C-B645-C90129F82FC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85F6AD0C-5F88-47FD-B03F-3C1A6D3D1B91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85F6AD0C-5F88-47FD-B03F-3C1A6D3D1B91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E5AA559-C739-4BE8-BA39-18E9D2E0DC20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E5AA559-C739-4BE8-BA39-18E9D2E0DC20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A5D3E38A-9604-4234-8439-CC7381553816}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D3E38A-9604-4234-8439-CC7381553816}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNSNAPOLEON => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSNAPOLEON" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5B7C38B-8C17-45D2-9A1B-40D50F994F12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B7C38B-8C17-45D2-9A1B-40D50F994F12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1218C98-9EE0-4701-A23B-2022C96809A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1218C98-9EE0-4701-A23B-2022C96809A0}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNS Monitoring => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNS Monitoring" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E38A16E6-18A6-4943-A599-DD50810B15D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E38A16E6-18A6-4943-A599-DD50810B15D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5AF3FDE-D927-434F-BB4B-39804C2F6D05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5AF3FDE-D927-434F-BB4B-39804C2F6D05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC5CE043-77B6-45A5-8786-777BD1CD0DE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC5CE043-77B6-45A5-8786-777BD1CD0DE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
C:\WINDOWS\Tasks\GiantFunds.job => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BA709E6-78C1-4C26-BC02-46DD4950DA31}" => key removed successfully
HKCR\CLSID\{1BA709E6-78C1-4C26-BC02-46DD4950DA31} => key not found.
"HKU\S-1-5-21-35990545-1199930793-1543886939-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}" => key removed successfully
HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => key not found.
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek <==== ATTENTION => not found
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => not found
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcpblpdkddoicgechaickbldbieccko => moved successfully
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb <==== ATTENTION => not found
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap <==== ATTENTION => not found
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol => moved successfully
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe <==== ATTENTION => not found
C:\uninst => moved successfully
"C:\WINDOWS\System32\Tasks\Uyzhlooe" => not found.
C:\Users\JoosS\AppData\LocalLow\Company => moved successfully
C:\ProgramData\07352a49-6697-1 => moved successfully
C:\ProgramData\07352a49-12f7-0 => moved successfully
"C:\WINDOWS\System32\Tasks\DNSNAPOLEON" => not found.
C:\WINDOWS\System32\Tasks\{090D0D47-0B0E-7E0C-0E11-0508790E117A} => moved successfully
"C:\WINDOWS\System32\Tasks\DNS Monitoring" => not found.
"C:\Program Files (x86)\DNS Unlocker" => not found.
"C:\PROGRA~1\SHOPPE~1" => not found.

========================= Folder: C:\ProgramData\18f8a002-7257-0 ========================

2016-02-12 11:22 - 2016-02-12 11:22 - 0000000 ____H () C:\ProgramData\18f8a002-7257-0\BIT4834.tmp

====== End of Folder: ======


========================= Folder: C:\ProgramData\18f8a002-43e5-0 ========================

2016-02-12 11:22 - 2016-02-12 11:22 - 0000000 ____H () C:\ProgramData\18f8a002-43e5-0\BIT5545.tmp

====== End of Folder: ======


========================= Folder: C:\ProgramData\64571f72 ========================

2016-02-12 11:21 - 2016-02-12 11:21 - 0524288 _____ () C:\ProgramData\64571f72\434f2ad7.dll

====== End of Folder: ======
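The fix log above is the outcome of reading FRST's flagged entries by hand: tasks whose target is "No File", tasks launched from 8.3 short paths or ProgramData GUID folders, Chrome extensions whose update URL was redirected away from Google's endpoint, and search scopes left with an empty URL. As an added example that is not part of this thread or of FRST, the Python below applies those same heuristics to lines in FRST's format; the sample input is a handful of lines copied from the log above, and the Chrome Web Store update host is the one assumed constant.

```python
"""Heuristic triage of FRST-style log lines (added example, not FRST's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
Task: {0BD1CDC0-AD89-4507-8F79-FA7104C2649B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0F2925ED-FA77-460D-A68C-D2D2903798F7} - System32\Tasks\Uyzhlooe => C:\PROGRA~1\SHOPPE~1\Denlujq.bat
Task: {A5D3E38A-9604-4234-8439-CC7381553816} - System32\Tasks\DNSNAPOLEON => C:\Program Files (x86)\DNS Unlocker\dnsnapoleon.exe
Task: {E1218C98-9EE0-4701-A23B-2022C96809A0} - System32\Tasks\DNS Monitoring => /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL"
Task: C:\WINDOWS\Tasks\GiantFunds.job => c:\programdata\{32401a03-095b-cdc8-3240-01a03095680c}\punch_pro_home_design_suite_platinum_10_0-sosiso.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-35990545-1199930793-1543886939-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Google Slides) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdThwart Legacy) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpcpblpdkddoicgechaickbldbieccko [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-18] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
"""

# Three FRST line shapes: scheduled tasks, Chrome extensions, IE search scopes.
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) (?:->|=>) (?P<target>.+?)"
    r"(?: <==== ATTENTION)?$"
)
EXT_RE = re.compile(
    r"^CHR Extension: \((?P<title>.*?)\) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]"
    r"(?: \[UpdateUrl: (?P<url>[^\]]+)\])?"
)
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<clsid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>.*)$"
)

# Chrome Web Store extensions update from this host; anything else is an override.
CHROME_UPDATE_HOST = "clients2.google.com"
SHORT_PATH = re.compile(r"~\d")                                      # 8.3 names such as PROGRA~1
PROGDATA_GUID = re.compile(r"\\programdata\\\{[0-9a-f-]+\}", re.I)  # C:\ProgramData\{guid}\...


@dataclass
class Finding:
    kind: str     # "task", "extension" or "searchscope"
    subject: str  # task name, extension title (id) or search-scope CLSID
    reason: str


def url_host(url: str) -> str:
    """Host part of a URL; FRST defangs schemes as hxxp(s), so accept those too."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return url.split("://", 1)[-1].split("/", 1)[0].lower()


def triage_line(line: str) -> Optional[Finding]:
    """Apply the analyst's heuristics to one FRST log line; None means nothing to flag."""
    m = TASK_RE.match(line)
    if m:
        name, target = m["name"], m["target"]
        if target == "No File":
            return Finding("task", name, "orphaned task: target file is missing")
        if (SHORT_PATH.search(target) or PROGDATA_GUID.search(target)
                or target.lower().endswith(".bat")):
            return Finding("task", name, f"task runs from an unusual location: {target}")
        return None
    m = EXT_RE.match(line)
    if m:
        if m["url"] and url_host(m["url"]) != CHROME_UPDATE_HOST:
            ext_id = m["path"].rstrip("\\").rsplit("\\", 1)[-1]
            return Finding("extension", f"{m['title']} ({ext_id})",
                           f"update URL redirected to {url_host(m['url'])}")
        return None
    m = SCOPE_RE.match(line)
    if m and not m["url"].strip():
        return Finding("searchscope", m["clsid"], "search scope left with an empty URL")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw.rstrip())
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

DNS Unlocker's DNSNAPOLEON task, installed under Program Files (x86) like an ordinary program, is deliberately not caught: path heuristics only narrow the list, and the analyst's review of what remains is still what closes the case.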
Old 02-16-2016, 04:20 AM   #9
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Hi,

I carried out step 22; however, when doing step 23 the certificate www.cloudguard.me does not appear in the list.
Old 02-16-2016, 04:29 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, JoosS. That's fine. How is the machine behaving now?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 02-17-2016, 12:55 AM   #11
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



To answer your question whether the computer is better: yes and no. It is definitely better, but I just noticed that whilst this page was loading in a new tab, both tabs gave a quick, distorted, non-responding "shake" movement in the tab heading; the actual page does not move. Does that make sense?

Scan log of the MBAM

Thanks for all the help thus far.

I had to attach the file as the text was too long.
While I was typing the above sentence my text cursor jumped to the open log file just after a momentary blip on the screen.
I just selected the attach file above and the new window opened with it flashing quickly in and out (back and forth).
Attached Files: MBAM Scan Log.txt (161.2 KB)
Old 02-17-2016, 01:42 AM   #12
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



ESET cannot be used on Win 10; error message attached. FYI, I'm using Mozilla Firefox as a browser.
Attached Thumbnails: ESET.PNG (16.7 KB)
Old 02-17-2016, 10:41 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, JoosS. You're very welcome. Not sure about the tab/cursor problems. Not all problems are malware related. Let me know if they still occur.

ESET Online Scanner does run on Win10. It appears the file didn't fully download and was corrupted.

If you notice in the Downloads list, both esetsmartinstaller_enu and esetsmartinstaller_enu.exe.part are listed.

That is a sign of a corrupted file. Delete both those files, download esetsmartinstaller_enu.exe again, and make sure you wait for the download to complete before clicking on esetsmartinstaller_enu.exe.

Let me know.

------------------------------------------------------
Old 02-18-2016, 03:00 AM   #14
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Hi, me again.

ESET log below. Thanks for your assistance.

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\MetaTrader - Pepperstone\MQL4\Libraries\MillionDollarPips.dll a variant of Win32/Packed.Themida suspicious application
C:\Program Files (x86)\OANDA - MetaTrader\mql4\Libraries\MillionDollarPips.dll a variant of Win32/Packed.Themida suspicious application
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\kcipmkejkojihddfhdmgolhhnbjnhbpm\154\content.js JS/Adware.MultiPlug.G application
C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\kcipmkejkojihddfhdmgolhhnbjnhbpm\154\lsdb.js JS/Adware.MultiPlug.G application
C:\Users\JoosS\AppData\Roaming\MetaQuotes\Terminal\3212703ED955F10C7534BE8497B221F4\MQL4\Libraries\MillionDollarPips.dll a variant of Win32/Packed.Themida suspicious application
C:\Users\JoosS\AppData\Roaming\MetaQuotes\Terminal\9ACB2E2CE0389240C909714389C79575\MQL4\Libraries\MillionDollarPips.dll a variant of Win32/Packed.Themida suspicious application
C:\Users\JoosS\Desktop\Million Dollar Pips\MQL4\Libraries\MillionDollarPips.dll a variant of Win32/Packed.Themida suspicious application
C:\Users\JoosS\Desktop\Newest Arb\Global Trade Station 2 Downloa Downloader__3687_i1847359313_il1203374.exe a variant of Win32/Amonetize.OT potentially unwanted application
C:\Users\JoosS\Downloads\winzip20.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\Installer\1e749884.msi a variant of Win32/Systweak.L potentially unwanted application
Old 02-18-2016, 11:38 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, JoosS. You're very welcome. Are you still having tab/cursor problems?

Most of the ESET finds are legit files, although reported as potentially unwanted, or as suspicious because of the Themida packer.

Up to you whether to delete them or not.

We do not recommend using the reg cleaning or reg optimizing features of WinZip.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh results file in %temp%.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Each quoted path below is one of the ESET finds to be removed.
for %%g in (

"C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\kcipmkejkojihddfhdmgolhhnbjnhbpm\154\content.js"
"C:\Users\JoosS\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\kcipmkejkojihddfhdmgolhhnbjnhbpm\154\lsdb.js"
"C:\Users\JoosS\Desktop\Newest Arb\Global Trade Station 2 Downloa Downloader__3687_i1847359313_il1203374.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"

) do (
rem Force-delete regardless of attributes; any file still present afterwards is written to the log.
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the leftovers in Notepad, or confirm success if the log was never created.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The batch file removes itself once it has run (quoted full path, in case of spaces).
del "%~f0"
Save this Notepad file as fix.bat, choose Save as type: All Files, then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
Old 02-18-2016, 08:40 PM   #16
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Hi, it says "deleted successfully".
Old 02-18-2016, 08:47 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Are you still having tab/cursor problems?
Old 02-19-2016, 03:35 AM   #18
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



Hi. The time difference is a pain.
Since doing the previous scan, all desktop icons have gone to max size. I have restarted my computer and resized the icons to size 8, then restarted again for the change to take effect, but there was no change. I will have a few more attempts over the weekend.

Regards

Joos
Old 02-19-2016, 06:17 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Let me know.
Old 02-20-2016, 02:47 PM   #20
Registered Member
 
Join Date: Feb 2016
Posts: 20
OS: Win 10



No luck with changing display settings and icon settings.

Screenshot attached. It took 3 attempts to open display settings. It opened then disappeared, did the same on the second attempt, and only on the third did the display settings page open.

I wish I could show you what happens when I attempt to attach something: the screen flickers rapidly backwards and forwards.
Attached Thumbnails: Large Icon display.PNG (1.75 MB)