
Scans hang up



My scans hang up at C:WINDOWS/SYSWOW64/wbem/, first at wsdapi.mof and now at xsl-mappings.xml. Both with rootkits enabled. The scan will run without rootkits enabled. I have been working with a bleepingcomputer tech on other issues and they recommended I come to you with this. I have done a MBAM Clean and reinstall after the first hangup and it hung up a second time. The log file is below. There is no addition log as this is not the first time the tool has been run.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Dot (administrator) on DOT-PC (18-11-2015 09:01:56)
Running from C:\Users\Dot\Desktop
Loaded Profiles: Dot (Available Profiles: Dot & QBDataServiceUser22 & QBDataServiceUser25)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts Rack Up] => C:\Program Files\Monotype\SkyFonts\SFC.exe [24016 2015-10-27] (Monotype Imaging)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [GoogleChromeAutoLaunch_0BBCD82A44F2A3C2BB7EBD870E321555] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DF35EC01-C6E8-4697-8369-41264D2ABBD6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
DPF: HKLM-x32 {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2015-10-15] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchqu.com/406
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll ()
CHR Profile: C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-16]
CHR Extension: (YouTube) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Love Smoke) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Read Your AOL Mail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp [2015-10-16]
CHR Extension: (Gmail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S2 HPSLPSVC; C:\Users\Dot\AppData\Local\Temp\7zS0D8A\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-15] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
U3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgrN.exe [827392 2015-03-17] (Intuit, Inc.) [File not signed]
R2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [44496 2015-10-27] (Monotype Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows ® Codename Longhorn DDK provider)
R3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
R3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
R3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 VUSBSTOR; C:\Windows\System32\Drivers\vusbstor.sys [86064 2013-01-17] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-18 09:01 - 2015-11-18 09:01 - 00000000 ____D C:\Users\Dot\Desktop\FRST-OlderVersion
2015-11-17 23:22 - 2015-11-17 23:22 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-17 17:38 - 2015-11-17 23:02 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForDot.job
2015-11-17 17:38 - 2015-11-17 21:37 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDot
2015-11-16 09:31 - 2015-11-16 09:31 - 00000000 ____D C:\Users\Dot\AppData\Roaming\Hewlett-Packard
2015-11-16 09:28 - 2015-11-16 09:28 - 00002227 _____ C:\Users\Dot\Desktop\HP Support Assistant.lnk
2015-11-16 09:28 - 2015-11-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-16 09:27 - 2015-11-16 10:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-16 09:27 - 2015-11-16 09:27 - 00000000 ____D C:\System.sav
2015-11-16 09:25 - 2015-11-16 09:25 - 00000000 ____D C:\Users\Dot\AppData\Roaming\hpqLog
2015-11-16 09:23 - 2015-11-16 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-16 09:18 - 2015-11-16 09:18 - 00003118 _____ C:\Windows\System32\Tasks\{6247BA63-0D11-4187-AB0D-98B3B4D700A5}
2015-11-16 09:16 - 2015-11-16 09:17 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Dot\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-11-16 08:01 - 2015-11-18 09:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 08:01 - 2015-11-16 08:01 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 08:01 - 2015-11-16 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 08:00 - 2015-11-16 08:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 08:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-16 08:00 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-16 08:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-16 07:59 - 2015-11-16 08:00 - 00001554 _____ C:\Users\Dot\Desktop\mbam-setup-2.2.0.1024 - Shortcut.lnk
2015-11-16 07:58 - 2015-11-16 07:58 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-15 19:50 - 2015-11-15 19:50 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Desktop\mbam-setup-2.2.0.1024 (3).exe
2015-11-15 09:11 - 2015-11-15 09:11 - 00001353 _____ C:\Users\Dot\Desktop\fixlist.txt
2015-11-14 23:24 - 2015-11-15 09:03 - 00000000 ____D C:\AdwCleaner
2015-11-14 23:24 - 2015-11-14 23:23 - 01732096 _____ C:\Users\Dot\Desktop\adwcleaner_5.021.exe
2015-11-14 23:23 - 2015-11-14 23:23 - 01732096 _____ C:\Users\Dot\Downloads\adwcleaner_5.021.exe
2015-11-14 23:07 - 2015-11-15 18:05 - 00043627 _____ C:\Users\Dot\Desktop\Addition.txt
2015-11-14 23:05 - 2015-11-18 09:01 - 00016510 _____ C:\Users\Dot\Desktop\FRST.txt
2015-11-14 23:04 - 2015-11-18 09:01 - 00000000 ____D C:\FRST
2015-11-14 17:59 - 2015-11-14 17:59 - 01624774 _____ C:\Users\Dot\Downloads\htd_paris.zip
2015-11-14 08:34 - 2015-11-18 09:01 - 02008576 _____ (Farbar) C:\Users\Dot\Desktop\FRST64.exe
2015-11-14 08:33 - 2015-11-14 08:33 - 02198528 _____ (Farbar) C:\Users\Dot\Downloads\FRST64.exe
2015-11-14 08:02 - 2015-11-14 08:02 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-14 08:02 - 2015-11-14 08:02 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-14 08:02 - 2015-11-14 08:02 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\Program Files\Speccy
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\Program Files\CCleaner
2015-11-14 08:00 - 2015-11-14 08:01 - 05127432 _____ (Piriform Ltd) C:\Users\Dot\Downloads\spsetup128.exe
2015-11-14 07:36 - 2015-11-14 07:36 - 00001125 _____ C:\Users\Dot\Desktop\DriveImage XML.lnk
2015-11-14 07:35 - 2015-11-14 07:35 - 00001107 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2015-11-14 07:35 - 2015-11-14 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-11-14 07:35 - 2015-11-14 07:35 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2015-11-14 07:33 - 2015-11-14 07:33 - 02026456 _____ C:\Users\Dot\Desktop\dixmlsetup.exe
2015-11-14 07:21 - 2015-11-03 12:01 - 03214848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 02:31 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 02:30 - 2015-10-19 19:17 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 02:30 - 2015-10-19 19:17 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 02:30 - 2015-10-19 19:17 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 02:30 - 2015-10-19 19:17 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 02:30 - 2015-10-19 19:14 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 02:30 - 2015-10-19 19:14 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 02:30 - 2015-10-19 19:12 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 02:30 - 2015-10-19 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 02:30 - 2015-10-19 19:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 02:30 - 2015-10-19 19:10 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-11 02:30 - 2015-10-19 19:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:54 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 02:30 - 2015-10-19 18:54 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 02:30 - 2015-10-19 18:50 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 02:30 - 2015-10-19 18:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 02:30 - 2015-10-19 18:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 02:30 - 2015-10-19 18:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-11 02:30 - 2015-10-19 17:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 02:30 - 2015-10-19 17:47 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 02:30 - 2015-10-19 17:47 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 02:30 - 2015-10-19 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 02:30 - 2015-10-19 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 02:30 - 2015-09-23 07:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 02:30 - 2015-09-23 07:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 02:30 - 2015-09-23 07:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 02:29 - 2015-10-19 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 02:29 - 2015-10-19 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 18:41 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 02:29 - 2015-10-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 02:27 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 02:27 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 02:27 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 02:27 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 02:27 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 02:27 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 02:27 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 02:27 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 02:27 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 02:27 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 02:27 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 02:27 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 02:27 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 02:27 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 02:27 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 02:27 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 02:27 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 02:27 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 02:27 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 02:27 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 02:27 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 02:27 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 02:27 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 02:27 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 02:27 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 02:27 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 02:27 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 02:27 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 02:27 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 02:27 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 02:27 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 02:27 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 02:27 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 02:27 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 02:27 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 02:27 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 02:27 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 02:27 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 02:27 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 02:27 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 02:27 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 02:27 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 02:27 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 02:27 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 02:27 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 02:27 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 02:27 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 02:27 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 02:27 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 02:27 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 02:27 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 02:27 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 02:27 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 02:27 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 02:27 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 02:27 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 02:27 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 02:27 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 02:27 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 02:27 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 02:27 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 02:27 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 02:26 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 02:26 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 02:26 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 02:26 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 02:26 - 2015-10-13 18:50 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 02:26 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 02:05 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 02:05 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 02:05 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 13:32 - 2015-11-10 13:32 - 00440829 _____ C:\Users\Dot\Downloads\BJD_SC1.zip
2015-11-10 13:32 - 2015-11-10 13:32 - 00439048 _____ C:\Users\Dot\Downloads\BJD_SB3-1.zip
2015-11-03 09:45 - 2015-11-03 09:45 - 00000000 ____D C:\Users\Dot\AppData\Local\Monotype_Inc
2015-11-02 12:37 - 2015-11-09 09:53 - 00000000 ____D C:\Users\Dot\AppData\Local\CrashDumps
2015-11-01 11:25 - 2015-11-01 11:25 - 05749660 _____ C:\Users\Dot\Downloads\61049-900.zip
2015-10-30 03:42 - 2015-11-16 15:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-10-28 09:36 - 2015-10-28 09:36 - 00040494 _____ C:\Users\Dot\Downloads\--SV-DFS01-ClubRunnerdata-PublicAccounts-2386-ExportMember-590912_ExportMember.csv
2015-10-23 15:29 - 2015-10-23 15:29 - 00003692 _____ C:\Users\Dot\Downloads\1_Chicago_West_Chicago_Dupage_Airport.csv
2015-10-23 14:46 - 2015-10-23 14:46 - 00128301 _____ C:\Users\Dot\Downloads\EXAMPLE.xlsb
2015-10-23 14:34 - 2015-10-23 14:34 - 00035840 _____ C:\Users\Dot\Downloads\D9374 (2).xls
2015-10-23 14:34 - 2015-10-23 14:34 - 00034304 _____ C:\Users\Dot\Downloads\D9374 (3).xls
2015-10-23 14:32 - 2015-10-23 14:32 - 00034304 _____ C:\Users\Dot\Downloads\D9374 (1).xls
2015-10-23 14:23 - 2015-10-23 14:23 - 00035328 _____ C:\Users\Dot\Downloads\D9374.xls
2015-10-22 13:21 - 2015-11-18 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-22 13:21 - 2015-11-10 17:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-19 11:54 - 2015-11-10 07:25 - 00000000 ____D C:\EEK
2015-10-19 11:54 - 2015-10-19 11:54 - 00000743 _____ C:\Users\Dot\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-19 11:53 - 2015-10-19 11:53 - 168848536 _____ C:\Users\Dot\Downloads\EmsisoftEmergencyKit.exe
2015-10-19 11:50 - 2015-10-19 11:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-10-19 11:48 - 2015-10-19 11:48 - 00089276 _____ C:\Users\Dot\Downloads\HitmanPro_20151019_1247.log
2015-10-19 11:28 - 2015-10-19 11:28 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-19 11:28 - 2015-10-19 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-19 11:28 - 2015-10-19 11:28 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-19 11:20 - 2015-10-19 11:20 - 22795336 _____ C:\Users\Dot\Downloads\RogueKillerX64.exe
2015-10-19 10:24 - 2015-10-19 10:25 - 11336600 _____ (SurfRight B.V.) C:\Users\Dot\Downloads\HitmanPro_x64.exe
2015-10-19 10:23 - 2015-10-19 11:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-19 10:23 - 2015-10-19 10:23 - 10357568 _____ (SurfRight B.V.) C:\Users\Dot\Downloads\HitmanPro.exe
2015-10-19 10:13 - 2015-10-19 10:13 - 00018752 _____ C:\Users\Dot\Downloads\RogueKillerRegistryReport.txt
2015-10-19 10:12 - 2015-10-19 10:12 - 00018754 _____ C:\Users\Dot\Downloads\rk_54D3.tmp.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-18 09:00 - 2014-07-21 16:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-18 09:00 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-18 09:00 - 2009-07-13 22:51 - 00064824 _____ C:\Windows\setupact.log
2015-11-18 08:59 - 2015-02-28 09:09 - 02022984 _____ C:\Windows\WindowsUpdate.log
2015-11-17 23:28 - 2009-07-13 22:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-17 23:28 - 2009-07-13 22:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-17 23:17 - 2009-07-13 23:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-17 17:38 - 2015-04-13 08:14 - 00000000 ____D C:\Users\Dot\AppData\Local\Hewlett-Packard
2015-11-16 22:42 - 2010-11-20 21:47 - 00063154 _____ C:\Windows\PFRO.log
2015-11-16 22:41 - 2015-10-07 16:34 - 00000000 ____D C:\Users\Dot\AppData\Roaming\Monotype
2015-11-16 16:03 - 2014-06-10 12:03 - 00000000 ____D C:\Windows\Panther
2015-11-16 09:28 - 2014-06-10 12:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-16 09:27 - 2015-03-17 15:48 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-16 08:00 - 2015-10-17 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-15 14:25 - 2015-07-27 12:53 - 00000000 ____D C:\Users\QBDataServiceUser25
2015-11-15 09:13 - 2015-07-27 15:30 - 00000000 ____D C:\Users\Dot\AppData\LocalLow\Temp
2015-11-15 03:19 - 2009-07-13 22:45 - 05114032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 04:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 03:56 - 2014-06-10 12:33 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:38 - 2014-06-10 12:33 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:37 - 2015-03-06 14:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:16 - 2014-06-10 13:03 - 00777980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 03:08 - 2011-04-12 02:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 21:12 - 2015-10-17 16:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 17:34 - 2015-10-17 16:00 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 17:34 - 2015-10-17 16:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 16:21 - 2015-03-06 14:03 - 00138568 _____ C:\Users\Dot\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-10 16:16 - 2014-07-21 17:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-10 16:15 - 2014-07-21 17:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-10 16:04 - 2015-03-06 14:35 - 00000000 ____D C:\Program Files\Adobe
2015-11-10 07:20 - 2015-08-17 12:43 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-10 07:20 - 2014-07-21 16:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-05 00:06 - 2015-07-27 14:32 - 00000000 ____D C:\Users\Dot\Documents\QB
2015-11-05 00:06 - 2015-03-17 19:23 - 00000000 ____D C:\ESPOnline
2015-11-03 10:33 - 2015-07-27 12:53 - 00038901 _____ C:\Users\Dot\AppData\Roaming\QBFileDrTool.log
2015-11-03 09:44 - 2015-10-07 16:35 - 00001880 _____ C:\Users\Public\Desktop\SkyFonts.lnk
2015-11-02 13:00 - 2015-03-06 16:24 - 00000111 _____ C:\Windows\QBChanUtil_Trigger.ini
2015-10-22 13:23 - 2015-03-17 15:28 - 00000000 ____D C:\Users\Dot\AppData\Local\Adobe
2015-10-19 12:02 - 2015-03-06 16:26 - 00000000 ____D C:\Users\QBDataServiceUser22
2015-10-19 11:20 - 2015-10-18 08:01 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-19 10:15 - 2015-10-18 08:01 - 00000000 ____D C:\ProgramData\RogueKiller
 
==================== Files in the root of some directories =======
 
2015-04-28 17:41 - 2015-05-26 08:34 - 0000132 _____ () C:\Users\Dot\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-27 15:03 - 2015-07-29 14:50 - 0031669 _____ () C:\Users\Dot\AppData\Roaming\FileDrTool.log
2015-07-27 12:53 - 2015-11-03 10:33 - 0038901 _____ () C:\Users\Dot\AppData\Roaming\QBFileDrTool.log
2015-05-13 15:55 - 2015-06-27 11:55 - 0001456 _____ () C:\Users\Dot\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-17 15:47 - 2015-03-17 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Dot\AppData\Local\Temp\Abspdf.exe
C:\Users\Dot\AppData\Local\Temp\acfpdfu.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfui.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Dot\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Dot\AppData\Local\Temp\cdintf.dll
C:\Users\Dot\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dot\AppData\Local\Temp\HPPSdr.exe
C:\Users\Dot\AppData\Local\Temp\hrlxp3gz.dll
C:\Users\Dot\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Dot\AppData\Local\Temp\nvStInst.exe
C:\Users\Dot\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Dot\AppData\Local\Temp\RatsHelper.dll
C:\Users\Dot\AppData\Local\Temp\sqlite3.dll
C:\Users\Dot\AppData\Local\Temp\stlport_r50.dll
C:\Users\Dot\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 18:42
 
==================== End of FRST.txt ============================
CheckResults.txt is attached.


Hello and welcome back: :)

 

You might want to try the steps here, especially the recommendation for checking the disk.

 

If that doesn't resolve your issue, please re-run FRST (instructions are here) -- before you do, please place a checkmark in the "Addition.txt" option.

 

Then, please ATTACH both logs (FRST.txt and Addition.txt) to your next reply here in this thread.

 

Thanks,


Have tried the recommendations of running in safe mode (it will complete the scan) and then trying to run 'regular' (won't complete). Ran CHKDSK, which literally took hours; found no issues reported. Tried to run scan, still hangs up (always at C:\WINDOWS/SYSWOW64/wbem/, but always at a different file... first at wsdapi.mof, then xsl-mappings.xml, then wscmisetup.mof, then wscenter.mof). Ran/running(?) defrag bat file. How do I know when it is done? It sat for several minutes then popped up and said 0% fragmented space but says this is a pre-defragmentation report.


  • Root Admin

I know you just had some cleanup work done on Bleepingcomputer but we need to look at some other routines. Since we can't do those in this specific forum please create a new topic in this forum.

 

https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/

 

Then post a link in your new topic to this topic and say that Ron asked you to post and that he will assist you further.

Send me a private message with the link to your new topic when ready.

 

https://forums.malwarebytes.org/index.php?/topic/175189-scans-hang-up/

 

Thanks
