Njem

  1. This is all frustrating, irritating, and confusing. It's taken forever to get this far. Nothing has been offered but collecting lots of logs. Now apparently it's kind of working but I have no idea why. I ran the scan as requested. This time, for some reason, when it found some items it also had the link there to see what they were. And when it was done it allowed me to remove them. You might remember, way back when, that was the original problem. It wasn't running right and would find stuff but not provide the link to see what they are, and not provide an option to remove them at the end. This time it found stuff and went through the removal option and, I hope, got rid of them. Nothing has changed except that in the meantime I put a license key into the program. It didn't quite work right because it didn't make a log. You'll see below the protection log which notes there was a scan and 5 things found, but looking through the whole list of logs, the last scan log was on 7/2.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, IP Database, 2016.7.19.1, 2016.7.20.2,
     Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, Domain Database, 2016.7.19.7, 2016.7.21.1,
     Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, Malware Database, 2016.7.19.11, 2016.7.20.11,
     Protection, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Starting,
     Protection, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Stopping,
     Protection, 7/20/2016 9:57 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Stopped,
     Scan, 7/20/2016 9:57 PM, SYSTEM, PC-CHRISTINA, Context, Start:7/20/2016 9:56 PM, Duration:0 min 48 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections,
     Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Success,
     Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Starting,
     Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Started,
     Scan, 7/20/2016 10:51 PM, SYSTEM, PC-CHRISTINA, Manual, Start:7/20/2016 9:58 PM, Duration:51 min 59 sec, Custom Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections,
     Update, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Scheduler, Domain Database, 2016.7.21.1, 2016.7.21.2,
     Protection, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Starting,
     Protection, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Success,
     (end)
  2. Whichever way is fastest. If you have anything to tell me about how to fix this go ahead and post it here and let's get on with it.
  3. FYI this has changed from a free account to a paid account. Not sure how to move this support item to a paid support item but would appreciate doing that. If you need the license # or something let me know.
  4. I don't know why recovery is off. Might have been turned off by a previous tech.

     Fix result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
     Ran by Admin (2016-07-12 11:18:25) Run:3
     Running from C:\Users\Admin\Desktop
     Loaded Profiles: Admin (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     start
     CreateRestorePoint:
     CloseProcesses:
     HKLM\...\Run: [] => [X]
     HKU\S-1-5-21-491372964-234954144-3230604657-1002\...\Run: [akvplabe] => C:\Users\Admin\AppData\Roaming\setap21.exe
     IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
     C:\Users\Admin\AppData\Roaming\setap21.exe
     EmptyTemp:
     end
     *****************

     Error: (0) Failed to create a restore point.
     Processes closed successfully.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
     HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Windows\CurrentVersion\Run\\akvplabe => value not found.
     HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sethc.exe => key not found.
     "C:\Users\Admin\AppData\Roaming\setap21.exe" => not found.

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8391936 B
     Java, Flash, Steam htmlcache => 0 B
     Windows/system/drivers => -1904 B
     Edge => 0 B
     Chrome => 0 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 128 B
     LocalService => 0 B
     NetworkService => 0 B
     Admin => 79328 B
     Assistant2 => 0 B
     User => 0 B
     system32 => 0 B
     GhostUser => 0 B
     user1 => 0 B

     RecycleBin => 0 B
     EmptyTemp: => 8.1 MB temporary data Removed.

     ================================

     The system needed a reboot.
     ==== End of Fixlog 11:18:29 ====
01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 
_____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-15 02:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-06-15 02:38 - 2016-05-20 14:08 - 
02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-15 02:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft 
Corporation) C:\Windows\system32\kerberos.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) 
C:\Windows\system32\gpscript.dll 2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 
_____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-07-12 11:19 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-12 11:19 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-12 11:19 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 11:19 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 11:18 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-12 11:18 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-12 11:05 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 11:05 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2016-07-12 10:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-11 09:03 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT
2016-07-06 13:50 - 2015-05-14 13:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-07-06 13:50 - 2015-05-14 13:10 - 00000000 ____D C:\Program Files\Samsung
2016-07-06 13:50 - 2015-05-14 13:04 - 00000000 ____D C:\ProgramData\Samsung
2016-07-02 09:10 - 2014-08-04 15:39 - 00000091 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-27 15:25 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 15:13 - 2016-04-04 12:42 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp
2016-06-24 18:18 - 2016-04-04 13:08 - 00000000 ____D C:\Temp
2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther
2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin
2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans
2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-24 12:24 - 2016-04-04 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\minergate-cli
2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 12:23 - 2015-06-02 09:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg
2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2016-06-24 12:23 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 12:13 - 2014-08-04 14:41 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-21 05:17 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics
2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2016-06-24 12:25 - 2016-06-24 12:25 - 0002552 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-04-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-10-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-16-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001544 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-18-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000488 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-06-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-09-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000584 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000504 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-17-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001032 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-31-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000616 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-05-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0017144 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-21-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001160 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0002232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-23-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 13:55 - 2016-06-24 14:00 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016
2016-06-24 12:25 - 2016-06-24 12:25 - 0014232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016.id-9A91A1D6.Vegclass@aol.com.xtbl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-11 06:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by Admin (2016-07-12 11:20:54)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-08-04 18:54:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled)
Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2
GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser
Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled)
system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32
User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User
user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
Fax Upload (HKLM\...\Fax Upload) (Version: - )
FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(1/29/2016) - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) 
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) 
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.) 
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DA654E0C-E75D-4507-8AC2-71698C5B5C93}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) 
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {31721CD7-A98B-4ACF-BC31-634BDE42D995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4DDF8DC1-6EE4-4263-96F6-6D0485A7373B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E025D0F-4D90-41D0-A720-7C308D8D67B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {72FAA2D1-648F-4190-989A-B556979A87FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0BADACD-3EAC-452B-90AE-A76A4E0FA158} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-05-14 13:11 - 2015-06-26 08:21 - 00018432 _____ () C:\Windows\System32\ssa7mlm.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-05-14 13:03 - 2013-02-22 13:30 - 00307200 _____ () C:\Windows\system32\SaMinDrv.dll
2015-06-25 00:45 - 2015-06-25 00:45 - 00094208 ____N () C:\Windows\system32\ssdevm.dll
2016-07-07 16:04 - 2016-07-07 16:03 - 00990720 _____ () C:\Windows\msapss\bin\msapp.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869
FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900
FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389
FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E529920-1CB7-446F-B97E-1F861238D39D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{15C65C6C-B7B9-444E-A1FC-0C5275BE3649}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{E5244CF3-0F1F-42EB-9B14-55BE2C77FEBB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2D4C3AF7-5685-4EF2-9A87-E9374938F7BA}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EEF18449-820D-4BFB-A8F0-9951B34F5ACF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{3542A30C-65F6-4890-B64C-A5C38895C6F5}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{273D3A12-9AD1-4BA1-8176-B2C156F1E61B}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe

==================== Restore Points =========================
ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2016 11:21:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2016 11:19:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:19:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:17:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:17:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:15:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 10.7.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 24e0
Start Time: 01d1dc68ba4dae1a
Termination Time: 229
Application Path: C:\Users\Admin\Desktop\FRST.exe
Report Id:

Error: (07/12/2016 11:07:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:07:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/11/2016 11:18:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/11/2016 11:18:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinMedia Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Samsung Network Fax Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly. It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-07-11 21:49:55.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:49:55.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:23:25.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:23:25.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:18:11.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:18:11.697
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:09:15.840
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-11 21:09:15.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-07-07 16:13:18.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-07 16:13:18.899
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3005.59 MB
Available physical RAM: 1802.98 MB
Total Virtual: 9003.91 MB
Available Virtual: 7702.1 MB

==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:165.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS
Drive f: (Transcend) (Removable) (Total:58.9 GB) (Free:41.48 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: BC9D6F56)
Partition 1: (Active) - (Size=219.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 58.9 GB) (Disk ID: 6E697373)
No partition Table on disk 1.

==================== End of Addition.txt ============================
  5. I know the instructions say not to bump a topic, be patient, but I posted the logs that were requested on 6/30. It's now 7/11. Can someone please respond to this request?
  6. Naathim, I will get admin logs and post them, but if that's what's needed then the instructions for getting the logs should say so. I don't see anything in the page I was directed to with instructions on getting the logs that says to run as admin. Of course the standard log in is not admin, and I don't run anything as admin unless there's a reason to, so naturally I didn't run these log apps that way. Or if the log apps need to be run as admin, why not create them so they request that permission when they run? I'll have new logs posted here shortly. Also note that it got infected when logged on as the normal user. Admin does not have access to that user (if you log on as Admin and click on the other user's folder it says you don't have permission. It would take permission if I let it but I try to keep user permissions separated.)

Here are the logs run as Admin:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2016
Ran by Admin (administrator) on PC-CHRISTINA (30-06-2016 12:13:52)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(ImageMAKER Development Inc.) C:\Program Files\Common Files\ImageMAKER\VSTDAEMON.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKU\S-1-5-21-491372964-234954144-3230604657-1002\...\Run: [akvplabe] => C:\Users\Admin\AppData\Roaming\setap21.exe
IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-08-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-04] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-04] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-05-14] ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2014-08-07] ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.) Startup: C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHONEslips.lnk [2015-07-14] ShortcutTarget: PHONEslips.lnk -> \\JEP-SERVER\Data\PSLIPS\PSWIN32.EXE (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{D040FB1E-17F4-4B45-93D4-1BAFCFB1D776}: [NameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) 
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2013-10-10] (Intuit, Inc.) 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-14] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24] CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-29] (Kaspersky Lab ZAO) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-08-04] (Macrovision Europe Ltd.) 
[File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-10] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed] R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [458944 2014-11-04] (Samsung Electronics Co., Ltd.) R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [77312 2016-04-04] (Stas'M Corp.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) S2 WinMediaService; C:\Windows\msapss\bin\msapp.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [54784 2013-12-05] (ASIX Electronics Corp.) S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.) 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-02-29] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2016-02-29] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-06-14] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-06-14] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-06-14] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2016-02-29] (AO Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed] ==================== NetSvcs (Whitelisted) 
=================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-30 12:13 - 2016-06-30 12:14 - 00015770 _____ C:\Users\Admin\Downloads\FRST.txt 2016-06-30 12:13 - 2016-06-30 12:13 - 01740288 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe 2016-06-29 19:06 - 2016-06-29 19:06 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\72226758.sys 2016-06-29 10:59 - 2016-06-29 10:59 - 00101360 _____ C:\Users\Assistant2\Desktop\W. Rodgers.pdf 2016-06-29 08:32 - 2016-06-29 08:32 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist (1).exe 2016-06-28 12:39 - 2016-06-28 12:39 - 00025390 _____ C:\Users\Assistant2\Downloads\Addition.txt 2016-06-28 12:38 - 2016-06-30 12:13 - 00000000 ____D C:\FRST 2016-06-28 12:38 - 2016-06-28 12:39 - 00045388 _____ C:\Users\Assistant2\Downloads\FRST.txt 2016-06-28 12:38 - 2016-06-28 12:38 - 01740288 _____ (Farbar) C:\Users\Assistant2\Downloads\FRST.exe 2016-06-28 09:13 - 2016-06-28 09:13 - 00183200 _____ C:\Windows\Minidump\062816-18236-01.dmp 2016-06-28 09:13 - 2016-06-28 09:13 - 00000000 ____D C:\Windows\Minidump 2016-06-28 09:12 - 2016-06-28 09:12 - 387574161 _____ C:\Windows\MEMORY.DMP 2016-06-27 15:22 - 2008-04-07 05:38 - 00045392 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll 2016-06-27 15:22 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) 
C:\Windows\system32\AdobePDFUI.dll 2016-06-27 15:14 - 2016-06-27 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe 2016-06-27 14:27 - 2016-06-29 18:28 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-06-27 14:27 - 2016-06-27 14:27 - 01858888 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbae-setup-1.08.1.2563.exe 2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2016-06-27 13:46 - 2016-06-27 13:46 - 22851472 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbam-setup-2.2.1.1043.exe 2016-06-27 09:30 - 2016-06-27 09:30 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist.exe 2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\Roaming\Sun 2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\LocalLow\Sun 2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\.oracle_jre_usage 2016-06-26 08:01 - 2016-06-26 08:02 - 00000000 ____D C:\Users\user1\AppData\Local\WEB2Print 2016-06-26 07:57 - 2016-06-26 07:59 - 00000000 ____D C:\Users\user1\Desktop\NiceHashMiner_v1.6.0.0 2016-06-26 07:56 - 2016-06-26 07:56 - 127786015 _____ C:\Users\user1\Downloads\NiceHashMiner_v1.6.0.0.zip 2016-06-26 07:55 - 2016-06-26 08:04 - 00000000 ____D C:\Users\user1\AppData\Roaming\Samsung 2016-06-26 07:55 - 2016-06-26 07:55 - 00116280 _____ C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-26 07:55 - 2016-06-26 07:55 - 00002319 _____ C:\Users\user1\Desktop\Safe Money.lnk 2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Intuit 2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Adobe 2016-06-26 07:54 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1 2016-06-26 07:54 - 2016-06-26 07:55 - 00000000 ____D 
C:\Users\user1\AppData\Roaming\Adobe 2016-06-26 07:54 - 2016-06-26 07:54 - 00001419 _____ C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-06-26 07:54 - 2016-06-26 07:54 - 00000020 ___SH C:\Users\user1\ntuser.ini 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\My Documents 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Videos 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Pictures 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Music 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\VirtualStore 2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\Google 2016-06-26 07:54 - 2014-11-11 08:03 - 00000000 ____D C:\Users\user1\AppData\Roaming\TuneUp Software 2016-06-26 07:54 - 2014-08-05 03:04 - 00000000 ____D C:\Users\user1\AppData\Local\Microsoft Help 2016-06-26 07:54 - 2010-11-20 17:47 - 00000000 ____D C:\Users\user1\AppData\Roaming\Media Center Programs 2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\PreInstall 2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\bin 2016-06-25 06:22 - 2016-06-25 06:22 - 00000000 ____D C:\Windows\msapss 2016-06-25 06:20 - 2016-06-25 06:20 - 00000000 ____D C:\Users\GhostUser\AppData\Roaming\Mythicsoft 2016-06-24 18:09 - 2016-06-24 18:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mythicsoft 2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\Mythicsoft 2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Lite 2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Program Files\Mythicsoft 2016-06-24 14:38 - 2016-06-24 14:38 - 14325936 _____ (Mythicsoft Ltd) C:\Users\Assistant2\Downloads\FileLocatorLite_828.exe 2016-06-24 14:08 - 2016-06-24 14:08 - 00000000 ____D 
C:\Users\Assistant2\AppData\Roaming\RUT_settings 2016-06-24 14:07 - 2016-06-24 14:07 - 03720232 _____ (Usoris LLC) C:\Users\Assistant2\Downloads\agent.exe 2016-06-24 14:00 - 2016-06-24 14:00 - 00116280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-24 14:00 - 2016-06-24 14:00 - 00000020 ___SH C:\Users\Admin\ntuser.ini 2016-06-24 13:55 - 2016-06-24 13:55 - 00029380 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (4).csv 2016-06-24 12:25 - 2016-06-24 12:25 - 00085256 _____ C:\Users\Admin\Downloads\250005_1799385313482_2306440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00062028 _____ C:\Users\Admin\Downloads\10991052_10203943058125890_3581715748894082962_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00026716 _____ C:\Users\Admin\Downloads\13266075_10206786569451896_5424350048535289440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00024568 _____ C:\Users\Admin\Downloads\13521861_244840055897475_1831112710297003807_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00002560 _____ C:\Users\Admin\Desktop\Safe Money.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00001678 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000650 ___SH C:\Users\Admin\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000586 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Public\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Admin\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH 
C:\Users\Admin\Desktop\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000264 ___SH C:\Users\Admin\ntuser.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000114 _____ C:\Users\Admin\Desktop\How to decrypt your files.txt 2016-06-24 12:24 - 2016-06-24 12:24 - 00910108 ____H C:\Users\Admin\AppData\Local\IconCache.db.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:23 - 2016-06-24 12:23 - 00116538 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-22 16:32 - 2016-06-22 16:32 - 00029371 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (3).csv 2016-06-22 12:00 - 2016-06-22 12:00 - 00044200 _____ C:\Users\Assistant2\Downloads\Objection_to_Video_Hearing_Doc__Dt____Unknown.tif 2016-06-21 08:03 - 2016-06-21 08:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia 2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Sun 2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\LocalLow\Sun 2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\.oracle_jre_usage 2016-06-21 05:21 - 2016-06-21 05:21 - 00116280 ____H C:\Users\GhostUser\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-21 05:20 - 2016-06-25 18:53 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Google 2016-06-21 05:20 - 2016-06-21 05:31 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Samsung 2016-06-21 05:20 - 2016-06-21 05:21 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Intuit 2016-06-21 05:20 - 2016-06-21 05:20 - 
00002319 ____H C:\Users\GhostUser\Desktop\Safe Money.lnk 2016-06-21 05:20 - 2016-06-21 05:20 - 00001419 ____H C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Adobe 2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Adobe 2016-06-21 05:19 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser 2016-06-21 05:19 - 2016-06-21 05:19 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini 2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\My Documents 2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Videos 2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Pictures 2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Music 2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\VirtualStore 2016-06-21 05:19 - 2014-11-11 08:03 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\TuneUp Software 2016-06-21 05:19 - 2014-08-05 03:04 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Microsoft Help 2016-06-21 05:19 - 2010-11-20 17:47 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Media Center Programs 2016-06-15 02:38 - 2016-06-06 08:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-06-15 02:38 - 2016-06-06 08:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-06-15 02:38 - 2016-06-03 06:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-06-15 
02:38 - 2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-15 02:38 - 
2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 02:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-06 15:17 - 2016-06-06 15:17 - 00029291 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (2).csv
2016-06-06 13:19 - 2016-06-06 13:19 - 00284110 _____ C:\Users\Assistant2\Downloads\19F___CE_Psychology__Src____STEPHEN_GILL_PH_D__PRESCOTT__Tmt__Dt____Unknown___04_20_2016.tif
2016-06-02 21:09 - 2016-06-02 21:09 - 00029088 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (1).csv
2016-06-01 20:43 - 2016-06-01 20:43 - 00029390 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport.csv
2016-06-01 16:17 - 2016-06-01 16:17 - 30503216 _____ C:\Users\Assistant2\Downloads\vlc-2.2.3-win32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 12:09 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-30 12:09 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-30 12:09 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 12:08 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT
2016-06-30 11:49 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-30 11:49 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-30 11:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 09:17 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 09:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2016-06-28 09:13 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-27 15:25 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 15:13 - 2016-04-04 12:42 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp
2016-06-24 18:18 - 2016-04-04 13:08 - 00000000 ____D C:\Temp
2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther
2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin
2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans
2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-24 12:24 - 2016-04-04 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\minergate-cli
2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 12:23 - 2015-06-02 09:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg
2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2016-06-24 12:23 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 05:17 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics
2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini
2016-06-13 19:31 - 2014-08-04 14:41 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-06-24 12:25 - 2016-06-24 12:25 - 0002552 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-04-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-10-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-16-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001544 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-18-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000488 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-06-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-09-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000584 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000504 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-17-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001032 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-31-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000616 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-05-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0017144 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-21-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001160 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0002232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-23-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 13:55 - 2016-06-24 14:00 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016
2016-06-24 12:25 - 2016-06-24 12:25 - 0014232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016.id-9A91A1D6.Vegclass@aol.com.xtbl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-27 00:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2016
Ran by Admin (2016-06-30 12:14:25)
Running from C:\Users\Admin\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-08-04 18:54:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled)
Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2
GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser
Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled)
system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32
User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User
user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
Fax Upload (HKLM\...\Fax Upload) (Version: - )
FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.)
Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {31721CD7-A98B-4ACF-BC31-634BDE42D995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {4DDF8DC1-6EE4-4263-96F6-6D0485A7373B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {4E025D0F-4D90-41D0-A720-7C308D8D67B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {72FAA2D1-648F-4190-989A-B556979A87FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A0BADACD-3EAC-452B-90AE-A76A4E0FA158} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-05-14 13:11 - 2015-06-26 08:21 - 00018432 _____ () C:\Windows\System32\ssa7mlm.dll 2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll 2015-05-14 13:03 - 2013-02-22 13:30 - 00307200 _____ () C:\Windows\system32\SaMinDrv.dll 2015-06-25 00:45 - 2015-06-25 00:45 - 00094208 ____N () C:\Windows\system32\ssdevm.dll 2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869 FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900 FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program 
files\common files\common desktop agent\cdasrv.exe FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{475BAAF6-0CCB-456D-A607-590BBDDDEAA8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{1D093E84-DECF-4E4C-A6C2-40D6298E141A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{74E6A098-B3FE-4D7E-8CF7-D80A512B0537}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{BBB77926-0FFD-46AE-8FC2-89BE458D2767}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{2D738D47-B916-4A69-B7EB-583121140968}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{2EE30B18-B135-4901-BB02-42D2FD184057}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{D754E037-5F71-4260-ADB5-7186CEB5F4AD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389 FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395 
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/30/2016 12:09:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/30/2016 12:09:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:30:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (06/29/2016 07:30:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:13:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:13:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:11:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (06/29/2016 07:11:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:07:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/29/2016 07:07:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (06/29/2016 07:10:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The WinMedia Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/29/2016 06:46:54 PM) (Source: TermDD) (EventID: 56) (User: ) Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 95.220.137.166. 
Error: (06/29/2016 06:46:54 PM) (Source: TermDD) (EventID: 50) (User: ) Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client. Error: (06/29/2016 01:03:00 PM) (Source: TermDD) (EventID: 56) (User: ) Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 95.211.168.97. Error: (06/29/2016 01:03:00 PM) (Source: TermDD) (EventID: 56) (User: ) Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 95.211.168.97. Error: (06/29/2016 11:49:47 AM) (Source: TermDD) (EventID: 56) (User: ) Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 95.220.137.166. Error: (06/29/2016 11:49:47 AM) (Source: TermDD) (EventID: 50) (User: ) Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client. Error: (06/28/2016 07:27:01 PM) (Source: TermDD) (EventID: 56) (User: ) Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 160.3.165.158. Error: (06/28/2016 09:13:06 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007f (0x00000008, 0x8df39750, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP062816-18236-01 Error: (06/28/2016 09:13:00 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:11:33 AM on ‎6/‎28/‎2016 was unexpected. CodeIntegrity: =================================== Date: 2016-06-30 12:09:14.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-06-30 12:09:14.639 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 19:11:39.014 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 19:11:38.936 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 19:05:20.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 19:05:20.656 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 18:43:35.229 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 18:43:35.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-06-29 18:28:15.931 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-06-29 18:28:15.868 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 3005.59 MB Available physical RAM: 1509.6 MB Total Virtual: 9003.91 MB Available Virtual: 7003.19 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:163.12 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: BC9D6F56) Partition 1: (Active) - (Size=219.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. Naathim, I will get admin logs and post them, but if that's what's needed then the instructions for getting the logs should say so. I don't see anything in the page I was directed to with instructions on getting the logs that says to run as admin. Of course the standard login is not admin, and I don't run anything as admin unless there's a reason to, so naturally I didn't run these log apps that way. Or if the log apps need to be run as admin, why not create them so they request that permission when they run? I'll have new logs posted here shortly.
  8. These are the logs posted as requested, following up on post: forums.malwarebytes.org/topic/185098-finds-problems-but-wont-list-or-remove-them/ I didn't mention there that Malwarebytes also fails to make any log of the scan.
     Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2016 Ran by Assistant2 (2016-06-28 12:39:13) Running from C:\Users\Assistant2\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-08-04 18:54:45) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled) Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2 GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled) system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32 User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.) Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH) Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation) Fax Upload (HKLM\...\Fax Upload) (Version: - ) FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd) Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) 
Hidden Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation) Office@Hand Meetings (HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\ATTMeetings) (Version: 3.5 - Zoom Video Communications, Inc., AT&T and RingCentral Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.) Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.) Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.) Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) 
Hidden SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - ) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ==============

2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-08-22 00:09 - 2014-08-22 00:09 - 03650048 _____ () C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\sf.dll
2014-08-22 00:09 - 2014-08-22 00:09 - 00300032 _____ () C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\log4cplus.dll
2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-06-24 18:39 - 2012-09-13 14:59 - 00637952 _____ () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\PSPARTS.BPL
2016-06-24 18:39 - 2012-10-04 12:13 - 00527360 _____ () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\FR6.BPL
2016-06-24 18:39 - 2004-04-20 16:28 - 00100864 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\ZLIB32.DLL
2016-06-24 18:39 - 2011-01-11 09:02 - 00051200 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\TLXDBENG.DLL
2016-06-24 18:39 - 2013-05-30 16:26 - 00572928 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\TLXDBLIB.DLL
2014-12-02 13:20 - 2015-06-26 08:21 - 01325568 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssa7mdu.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 01032360 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 00125088 _____ () C:\Program Files\Microsoft Office\Office15\OUTLCTL.DLL
2016-06-27 09:34 - 2016-01-06 19:35 - 36646400 _____ () C:\PREVAIL_CLIENT\Prevail.exe
2014-10-30 00:02 - 2014-10-30 00:02 - 00537088 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCAddin.dll
2014-10-30 00:02 - 2014-10-30 00:02 - 00626176 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCOffice.dll
2014-10-30 00:02 - 2014-10-30 00:02 - 00098816 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCFaxEngine.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-491372964-234954144-3230604657-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869
FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900
FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{475BAAF6-0CCB-456D-A607-590BBDDDEAA8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1D093E84-DECF-4E4C-A6C2-40D6298E141A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{74E6A098-B3FE-4D7E-8CF7-D80A512B0537}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{BBB77926-0FFD-46AE-8FC2-89BE458D2767}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2D738D47-B916-4A69-B7EB-583121140968}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2EE30B18-B135-4901-BB02-42D2FD184057}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D754E037-5F71-4260-ADB5-7186CEB5F4AD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389
FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2016 09:14:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2016 09:01:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2016 09:01:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 03:17:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (06/27/2016 03:17:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 03:12:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1250
Start Time: 01d1d0ba6f656007
Termination Time: 0
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Report Id: 3cfd2544-3cb4-11e6-9640-b8ac6f2a249c

Error: (06/27/2016 02:25:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 02:25:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (06/27/2016 09:49:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2016 12:15:12 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

System errors:
=============
Error: (06/28/2016 09:13:06 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x00000008, 0x8df39750, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP062816-18236-01

Error: (06/28/2016 09:13:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:33 AM on ‎6/‎28/‎2016 was unexpected.

Error: (06/27/2016 12:15:08 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/27/2016 12:15:08 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:59:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:59:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:54:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:54:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
Error: (06/26/2016 08:04:02 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 85.12.249.21.

Error: (06/25/2016 03:13:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

CodeIntegrity:
===================================
Date: 2016-06-28 12:39:24.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 12:39:24.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 09:16:53.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 09:16:53.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 09:02:00.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 09:02:00.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 08:26:50.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-28 08:26:49.830
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 07:55:18.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 07:55:18.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3005.59 MB
Available physical RAM: 1821.85 MB
Total Virtual: 9003.91 MB
Available Virtual: 6862.41 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:163.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016
Ran by Assistant2 (ATTENTION: The user is not administrator) on PC-CHRISTINA (28-06-2016 12:38:42)
Running from C:\Users\Assistant2\Downloads
Loaded Profiles: Assistant2 (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> avp.exe
Failed to access process -> svchost.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbamservice.exe
Failed to access process -> QBCFMonitorService.exe
Failed to access process -> QBIDPService.exe
Failed to access process -> NetFaxServer.exe
Failed to access process -> msapp.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(ImageMAKER Development Inc.) C:\Program Files\Common Files\ImageMAKER\VSTDAEMON.EXE
(Telexis Software, LLC) C:\Users\Assistant2\AppData\Local\Temp\tlx_app\_PSWIN32.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
Failed to access process -> wmpnetwk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Failed to access process -> nvvsvc.exe
() C:\PREVAIL_CLIENT\Prevail.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
Failed to access process -> nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\Run: [Intel] => "C:\Temp\start.bat" <===== ATTENTION
HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\MountPoints2: {2544c0ec-6119-11e4-ac33-b8ac6f2a249c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-08-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-04]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-04]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-05-14]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2014-08-07]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHONEslips.lnk [2015-07-14]
ShortcutTarget: PHONEslips.lnk -> \\JEP-SERVER\Data\PSLIPS\PSWIN32.EXE (Telexis Software, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{D040FB1E-17F4-4B45-93D4-1BAFCFB1D776}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {649F33D1-A542-418B-95D6-78D1AB7B1B07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1D400F9B-F767-4844-8536-5144C0886475}&mid=ff72a6714e9647d29f3b69e529cecd6f-609c553d77daee3e767235c70eba4e6dda32dbaa&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-10-20 17:21:56&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {C8309296-833A-4A61-86A3-477D0AA49F50} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2013-10-10] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-491372964-234954144-3230604657-1003: @att.com/ATTMeetingsPlugin -> C:\Users\Assistant2\AppData\Roaming\ATTMeetings\bin\npattmsplugin.dll [2015-07-02] (Zoom Video Communications, Inc. AT&T and RingCentral Inc.)
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll => No File
CHR Profile: C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Yahoo Partner) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-06-21]
CHR Extension: (Gmail) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-29] (Kaspersky Lab ZAO)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-08-04] (Macrovision Europe Ltd.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [458944 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [77312 2016-04-04] (Stas'M Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WinMediaService; C:\Windows\msapss\bin\msapp.exe [990720 2016-06-25] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [54784 2013-12-05] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-02-29] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2016-02-29] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-06-14] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-06-14] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-06-14] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2016-02-29] (AO Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-27] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed] ==================== NetSvcs (Whitelisted) 
=================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-28 12:38 - 2016-06-28 12:39 - 00020923 _____ C:\Users\Assistant2\Downloads\FRST.txt 2016-06-28 12:38 - 2016-06-28 12:38 - 01740288 _____ (Farbar) C:\Users\Assistant2\Downloads\FRST.exe 2016-06-28 12:38 - 2016-06-28 12:38 - 00000000 ____D C:\FRST 2016-06-28 09:13 - 2016-06-28 09:13 - 00000000 ____D C:\Windows\Minidump 2016-06-28 09:12 - 2016-06-28 09:12 - 387574161 _____ C:\Windows\MEMORY.DMP 2016-06-27 15:22 - 2008-04-07 05:38 - 00045392 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll 2016-06-27 15:22 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll 2016-06-27 14:27 - 2016-06-28 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-06-27 14:27 - 2016-06-27 14:27 - 01858888 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbae-setup-1.08.1.2563.exe 2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2016-06-27 13:46 - 2016-06-27 13:46 - 22851472 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbam-setup-2.2.1.1043.exe 2016-06-27 09:30 - 2016-06-27 09:30 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist.exe 2016-06-26 07:54 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1 2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\PreInstall 2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\bin 2016-06-25 06:22 - 2016-06-25 06:22 - 00000000 ____D C:\Windows\msapss 2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\Mythicsoft 2016-06-24 14:39 - 
2016-06-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Lite 2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Program Files\Mythicsoft 2016-06-24 14:38 - 2016-06-24 14:38 - 14325936 _____ (Mythicsoft Ltd) C:\Users\Assistant2\Downloads\FileLocatorLite_828.exe 2016-06-24 14:08 - 2016-06-24 14:08 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\RUT_settings 2016-06-24 14:07 - 2016-06-24 14:07 - 03720232 _____ (Usoris LLC) C:\Users\Assistant2\Downloads\agent.exe 2016-06-24 13:55 - 2016-06-24 13:55 - 00029380 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (4).csv 2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Public\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl 2016-06-22 16:32 - 2016-06-22 16:32 - 00029371 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (3).csv 2016-06-22 12:00 - 2016-06-22 12:00 - 00044200 _____ C:\Users\Assistant2\Downloads\Objection_to_Video_Hearing_Doc__Dt____Unknown.tif 2016-06-21 05:19 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser 2016-06-15 02:38 - 2016-06-06 08:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-06-15 02:38 - 2016-06-06 08:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-06-15 02:38 - 2016-06-03 06:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-06-15 02:38 - 
2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-15 02:38 - 2016-05-20 
14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-06-15 02:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-15 02:38 - 
2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 
_____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll 2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\srv2.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 
_____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2016-06-06 15:17 - 2016-06-06 15:17 - 00029291 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (2).csv 2016-06-06 13:19 - 2016-06-06 13:19 - 00284110 _____ C:\Users\Assistant2\Downloads\19F___CE_Psychology__Src____STEPHEN_GILL_PH_D__PRESCOTT__Tmt__Dt____Unknown___04_20_2016.tif 2016-06-02 21:09 - 2016-06-02 21:09 - 00029088 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (1).csv 2016-06-01 20:43 - 2016-06-01 20:43 - 00029390 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport.csv 2016-06-01 16:17 - 2016-06-01 16:17 - 30503216 _____ C:\Users\Assistant2\Downloads\vlc-2.2.3-win32.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-06-28 12:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-28 11:29 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-06-28 09:28 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-28 09:28 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-28 09:23 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT 2016-06-28 09:17 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-28 09:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf 2016-06-28 09:16 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-28 09:13 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk 2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk 2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk 2016-06-27 15:16 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet 2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing 2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp 2016-06-24 18:18 - 2016-04-04 13:08 - 
00000000 ____D C:\Temp 2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther 2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin 2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA 2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries 2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans 2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar 2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData 2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11 2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics 2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache 2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser 2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT 2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) 
C:\Windows\system32\Drivers\klif.sys 2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys 2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini 2016-06-13 19:31 - 2014-08-04 14:41 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2016-04-04 14:31 - 2016-04-04 14:31 - 0000288 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-04-2016 2016-04-05 09:09 - 2016-04-05 20:34 - 0052368 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-05-2016 2016-04-06 08:38 - 2016-04-06 17:17 - 0043344 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-06-2016 2016-04-07 08:46 - 2016-04-07 17:15 - 0064432 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-07-2016 2016-04-08 08:58 - 2016-04-08 13:10 - 0023456 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-08-2016 2016-04-10 10:21 - 2016-04-10 11:59 - 0007488 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-10-2016 2016-04-11 08:26 - 2016-04-11 17:07 - 0039824 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-11-2016 2016-04-12 08:43 - 2016-04-12 16:22 - 0066256 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-12-2016 2016-04-13 08:37 - 2016-04-13 16:10 - 0031936 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-13-2016 2016-04-14 08:38 - 2016-04-14 16:49 - 0072528 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-14-2016 2016-04-15 08:07 - 2016-04-15 17:04 - 0005232 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-15-2016 2016-04-18 09:17 - 2016-04-18 20:19 - 0019504 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-18-2016 2016-04-19 08:05 - 2016-04-19 17:21 - 0026320 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-19-2016 2016-04-20 08:31 - 2016-04-20 20:41 - 
0045232 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-20-2016 2016-04-21 08:20 - 2016-04-21 17:18 - 0054688 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-21-2016 2016-04-22 08:20 - 2016-04-22 14:42 - 0041120 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-22-2016 2016-05-10 08:41 - 2016-05-10 17:01 - 0035328 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-10-2016 2016-05-11 08:28 - 2016-05-11 14:57 - 0013904 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-11-2016 2016-05-12 08:27 - 2016-05-12 17:41 - 0057792 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-12-2016 2016-05-13 07:26 - 2016-05-13 14:39 - 0032960 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-13-2016 2016-05-16 08:53 - 2016-05-16 15:12 - 0024352 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-16-2016 2016-05-17 08:49 - 2016-05-17 10:11 - 0001584 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-17-2016 2016-06-14 08:40 - 2016-06-14 16:40 - 0040448 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-14-2016 2016-06-15 07:37 - 2016-06-15 09:31 - 0018576 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-15-2016 2016-06-16 09:01 - 2016-06-16 13:31 - 0014080 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-16-2016 2016-06-22 13:45 - 2016-06-22 16:41 - 0006432 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-22-2016 2016-06-23 08:56 - 2016-06-23 16:53 - 0043648 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-23-2016 2016-06-24 09:08 - 2016-06-24 16:22 - 0037312 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-24-2016 2014-11-12 15:24 - 2016-04-01 12:40 - 0007600 _____ () C:\Users\Assistant2\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================
  9. A system was infected with an encryption virus. Malwarebytes was installed but not as active protection, just as an on-demand scanner. If I tried to run it, it would immediately close. I think some of its files were encrypted. This virus encrypted files in program directories other than exe and dll files, so messed up several programs. Reran the install file and then Malwarebytes ran and removed the infection. But subsequent scans find 5 items but it won't give me the screen at the end to list them and let them be removed. It also doesn't have the link on the scan screen to see what these problems are. I fetched a fresh install file and did a new install, tried logging in as admin and running it from there, nothing helps. Active protection is running now and the system seems to be okay now but I need to get this resolved. Thanks.
  10. I have a system that was encrypted. We recovered data for other systems on the network from a backup but decided this system was going to be replaced anyway so are using it offline to learn about ransomware. Encrypted files are marked .locky. The ransomware beta (9.14.361) would not activate. I suspect because it has no internet connection, and I'm not going to give it one. This is the system where the problem started, where a user opened an attachment. It seems to be still infected. I made a new doc file and it immediately was encrypted. Though I've tried that numerous times since and now they don't get encrypted. Not sure if it's lying in wait. Malwarebytes found malware.trace in the system. I did not quarantine it because I want to learn more before cleaning it. Is malware.trace probably the item that can continue to encrypt? If I did clean that am I likely safe if I wanted to use this system? Mostly what I want to learn is when such an attack happens, how I know if the code is gone and it's safe to go back to using a system or putting it on the network.
  11. When I run MB the system event log shows several "Event ID 7, The device, \Device\Harddisk0, has a bad block". This doesn't show up any other time. Scandisk (standard, not surface test) doesn't show errors. Is MB maybe checking places on the disk which might be known bad blocks and triggers this error? Or is it actually encountering this error when checking what should be good files? If it's just known and marked bad blocks I won't worry about it. If it's blocks in use then I've got a failing disk. It would be nice to know. Thanks.
  12. When I installed MB on a system I declined the trial. Now I'd like to start the trial. How do I do that?
  13. I think you missed what I was trying to ask. I would not give up other antivirus. But it is consistent lately that all kinds of systems I work on with all kinds of different anti-virus are infected, many having been infected for some time. MB finds it and almost always gets rid of it. Are these anti-virus programs failing to block because they aren't as good at knowing what's a virus? Or because it is a more surefire thing to find an infection after it's in and remove it? And if that's the case is there a way, along with some anti-virus, to get MB to run continuously or hourly or something, except in that case it would have to run at a low priority to not slow down the system (much). Or if not, then this is a suggestion.
  14. None of the anti-virus programs seem to block recent attacks. So either A: MB is that much better (not likely with all the resources Symantec has), or B: blocking doesn't really work and what does work is scanning after the infection to get rid of it. If it's B then is there a way to put MB in a pretty much continuous scan but at a very low priority?
  15. Nope, didn't work. I still ended up with what seemed like a frozen machine. And every test takes forever, some variation on the sequence: reboot to safe mode, uninstall mbam, reboot normal, turn off avg shield, maybe run mbam cleaner, maybe reboot again, install mbam, activate shield, try some things to see if it's running. If it isn't and I have to power cycle I'm risking trashing the HD. I'll just have to hope you all get it worked out. In the meantime since on other systems a trojan got past avg I've taken avg off entirely and just have mbam. I know that's not recommended but it's the best compromise for now.