Has the malware gone?


A Windows Security Essentials scan picked up a trojan virus. I promptly deleted it and ran a Malwarebytes custom scan, which detected nothing. The next day the Microsoft security scan picked up a detected malware: Trojan: win32/fuery.B!cl. It also detected a seeder. I ran a custom scan for both Essentials and Malwarebytes, and downloaded Emsisoft and then ran rkill. I have no idea how rkill works, but I didn't do it in safe mode.

I have always been vigilant. Malwarebytes and Security Essentials have always been up to date. I have HTTPS Everywhere and a firewall by ZoneAlarm. Either this was from a torrent my friends used or caused by an infected attachment. I also ran HijackThis but access was denied; instructions were given to input commands in Notepad, but I'm inept at this.

How can I be sure there isn't a trojan right now? Is there any way to completely ascertain a clean computer?

There aren't any files missing that I know of (I'm borderline computer illiterate) and nothing has changed with speed or programs.

Help would be appreciated. Thank you for your time in advance.


Hello hopelessuser and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Hi Kevin, thank you for your input. What is an alternative to Edge? I have Windows Seven Home Premium and decided to opt out of the new update.

I also upgraded the Malwarebytes to Premium 3.0 (free trial), which found nothing. I'm currently writing this in safe mode after just running rkill. Nothing at all was found.

Is there an alternative to Edge? Another answer on Google has told me it's impossible to download for Windows 7.


Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [F.lux] => "C:\Users\stephen\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group)
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [96056 2013-02-06] (Siber Systems)
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\RunOnce: [Uninstall C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\RunOnce: [Uninstall C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\RunOnce: [Uninstall C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-550324307-2678909858-868305039-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{81066A3E-AD27-434E-9121-457A66760857}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-550324307-2678909858-868305039-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-550324307-2678909858-868305039-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=f193acada036438c8d0a53a4587c7fa0&tu=10Gpy00FM2D30q0&sku=&tstsId=&ver=&
SearchScopes: HKLM -> DefaultScope {396120C8-56EE-4708-981C-29CDC9C92F4B} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {396120C8-56EE-4708-981C-29CDC9C92F4B} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-550324307-2678909858-868305039-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=f193acada036438c8d0a53a4587c7fa0&tu=10Gpy00FM2D30q0&sku=&tstsId=&ver=&&r=251
SearchScopes: HKU\S-1-5-21-550324307-2678909858-868305039-1000 -> {396120C8-56EE-4708-981C-29CDC9C92F4B} URL =
SearchScopes: HKU\S-1-5-21-550324307-2678909858-868305039-1000 -> {66052801-8FF6-4D84-B7D7-0C27C0802965} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-02-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll => No File
BHO-x32: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-02-06] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-02-06] (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-02-06] (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-550324307-2678909858-868305039-1000 -> avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-02-06] (AVAST Software)

FireFox:
========
FF DefaultProfile: xozy6k3k.profile reloaded
FF ProfilePath: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\yk3jvdh7.default-1391828629242 [not found]
FF ProfilePath: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\xk3kcfm3.default-1475807605357 [2016-10-07]
FF NetworkProxy: Mozilla\Firefox\Profiles\xk3kcfm3.default-1475807605357 -> type",
FF ProfilePath: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\xozy6k3k.profile reloaded [2017-04-15]
FF Extension: (Adblock Plus) - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\xozy6k3k.profile reloaded\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Disable Prefetch) - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\xozy6k3k.profile reloaded\features\{91053515-d79a-4ee6-a37b-51e91a30eb6b}\disable-prefetch@mozilla.org.xpi [2017-04-05]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\stephen\AppData\Local\Google\Chrome\User Data\Default [2016-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2604664 2017-03-01] (AnchorFree Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\windows\system32\viakaraokesrv.exe [27760 2010-12-14] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wpscloudsvr; C:\Users\stephen\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-01-06] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.2; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys [57272 2017-02-16] (AnchorFree Inc.)
S3 AMDCIR64; C:\windows\system32\drivers\AMDCIR64.sys [79488 2010-10-04] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R2 inpoutx64; C:\windows\System32\Drivers\inpoutx64.sys [15008 2012-12-20] (Highresolution Enterprises [www.highrez.co.uk])
R0 ioatdma; C:\windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-14] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [111544 2017-04-15] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-04-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-15] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [82720 2017-04-15] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 MTsensor; C:\windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 taphss6; C:\windows\System32\DRIVERS\taphss6.sys [42064 2016-07-21] (Anchorfree Inc.)
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16640 2013-10-11] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [462304 2016-03-24] (Check Point Software Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 21:00 - 2017-04-15 21:01 - 00020321 _____ C:\Users\stephen\Desktop\FRST.txt
2017-04-15 20:22 - 2017-04-15 21:00 - 00000000 ____D C:\FRST
2017-04-15 20:17 - 2017-04-15 20:17 - 02424832 _____ (Farbar) C:\Users\stephen\Desktop\FRST64.exe
2017-04-15 20:09 - 2017-04-15 20:09 - 00000000 ____H C:\ProgramData\cm-lock
2017-04-15 06:13 - 2017-04-15 06:13 - 00000000 ____D C:\ProgramData\Keylogger Detector
2017-04-15 06:12 - 2017-04-15 06:12 - 00000000 ____D C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keylogger Detector
2017-04-15 06:12 - 2017-04-15 06:12 - 00000000 ____D C:\Program Files\Keylogger Detector
2017-04-15 06:11 - 2017-04-15 06:11 - 00613868 _____ C:\Users\stephen\Desktop\inst_antispy.exe
2017-04-15 04:10 - 2017-04-15 04:10 - 00000000 ____D C:\Users\stephen\AppData\Local\ElevatedDiagnostics
2017-04-15 03:10 - 2017-04-15 03:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\stephen\Desktop\rkill.exe
2017-04-15 03:10 - 2017-04-15 03:10 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\stephen\Desktop\rkill64.exe
2017-04-15 02:56 - 2017-04-15 04:11 - 00000000 ____D C:\windows\pss
2017-04-14 13:32 - 2017-04-15 20:24 - 00082720 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-04-14 13:32 - 2017-04-15 20:10 - 00251832 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-14 13:32 - 2017-04-15 20:10 - 00111544 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-04-14 13:32 - 2017-04-15 20:10 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-04-14 13:32 - 2017-04-14 13:32 - 00186304 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-04-14 13:32 - 2017-04-14 13:32 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-14 13:32 - 2017-04-14 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-14 13:32 - 2017-04-14 13:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-14 13:32 - 2017-03-22 11:02 - 00077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-04-14 13:31 - 2017-04-14 13:31 - 60107896 _____ (Malwarebytes ) C:\Users\stephen\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-14 12:06 - 2017-04-14 12:06 - 00001136 _____ C:\Users\stephen\Desktop\rkill - Shortcut.lnk
2017-04-14 04:49 - 2017-04-14 05:59 - 00000000 ____D C:\ProgramData\Emsisoft
2017-04-14 04:48 - 2017-04-14 11:31 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-04-14 04:46 - 2017-04-14 04:47 - 250504992 _____ (Emsisoft Ltd. ) C:\Users\stephen\Downloads\EmsisoftAntiMalwareSetup.exe
2017-04-13 22:15 - 2017-04-13 22:15 - 21893192 _____ C:\Users\stephen\Downloads\RogueKiller.exe
2017-04-12 13:52 - 2017-04-12 13:52 - 55356624 _____ (Microsoft Corporation) C:\Users\stephen\Downloads\Windows-KB890830-x64-V5.47.exe
2017-04-12 13:22 - 2017-04-12 13:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\stephen\Downloads\rkill.exe
2017-04-12 13:11 - 2017-04-12 13:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\stephen\Downloads\HijackThis.exe
2017-04-12 12:48 - 2017-04-13 21:32 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2017-04-12 12:48 - 2017-04-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-12 12:48 - 2017-04-13 21:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-12 12:48 - 2017-04-12 12:48 - 00001399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-12 12:48 - 2017-04-12 12:48 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-04-12 12:48 - 2017-04-12 12:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-12 12:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2017-04-12 12:47 - 2017-04-12 12:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\stephen\Downloads\spybot-2-4.exe
2017-04-12 12:43 - 2017-04-12 12:43 - 29714736 _____ (SUPERAntiSpyware) C:\Users\stephen\Downloads\SUPERAntiSpyware.exe
2017-04-12 12:13 - 2017-04-12 12:14 - 00613868 _____ C:\Users\stephen\Downloads\inst_antispy.exe
2017-04-11 20:47 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-04-11 20:47 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-04-11 20:47 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-04-11 20:47 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-04-11 20:47 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-04-11 20:47 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-04-11 20:47 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-04-11 20:47 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 20:56 - 2016-09-11 00:22 - 00000714 _____ C:\windows\Tasks\WpsKtpcntrQingTask_stephen.job
2017-04-15 20:44 - 2016-05-17 17:44 - 00000278 _____ C:\windows\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306}.job
2017-04-15 20:22 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-15 20:22 - 2009-07-14 05:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-15 20:15 - 2009-07-14 06:13 - 00006518 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-15 20:11 - 2016-11-18 03:49 - 00000000 ____D C:\Users\stephen\AppData\LocalLow\Mozilla
2017-04-15 20:09 - 2017-01-06 03:31 - 00000398 _____ C:\windows\Tasks\WpsUpdateTask_stephen.job
2017-04-15 10:51 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-15 03:12 - 2014-05-25 22:05 - 00002944 _____ C:\Users\stephen\Desktop\Rkill.txt
2017-04-14 14:52 - 2017-03-14 06:07 - 00252576 _____ C:\windows\ntbtlog.txt
2017-04-14 13:32 - 2013-11-15 18:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-14 06:14 - 2014-12-06 05:00 - 00051200 _____ C:\Users\stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-14 06:04 - 2015-03-13 06:20 - 00000000 ____D C:\Users\stephen\Documents\liteCam
2017-04-13 21:32 - 2016-11-17 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-13 21:32 - 2015-07-30 15:13 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2017-04-13 21:32 - 2015-02-27 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 21:32 - 2015-02-03 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-13 21:32 - 2015-02-03 07:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-13 21:32 - 2015-02-03 07:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-13 21:32 - 2014-02-08 03:09 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-04-13 21:32 - 2013-06-05 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-04-13 21:32 - 2012-12-28 04:20 - 00000000 ____D C:\Users\stephen
2017-04-13 21:32 - 2012-09-26 09:19 - 00000000 ____D C:\windows\system32\Macromed
2017-04-13 21:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\servicing
2017-04-13 21:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2017-04-13 21:32 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2017-04-13 21:32 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-12 13:52 - 2013-01-05 19:21 - 148601744 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-04-12 10:10 - 2016-07-29 10:01 - 00437152 _____ C:\windows\system32\FNTCACHE.DAT
2017-04-12 03:06 - 2013-08-14 20:19 - 00000000 ____D C:\windows\system32\MRT
2017-04-12 01:54 - 2013-02-04 20:32 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-04-12 01:54 - 2013-02-04 20:32 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-12 01:54 - 2013-02-04 20:32 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 01:54 - 2012-09-26 09:19 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-04-11 21:02 - 2014-12-27 01:46 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 21:02 - 2013-02-06 22:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-10 23:05 - 2013-02-04 20:32 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-10 23:05 - 2013-02-04 20:32 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 23:06 - 2010-11-21 04:27 - 00532136 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2017-03-31 18:50 - 2016-08-16 10:38 - 00000000 ____D C:\Users\stephen\Desktop\New folder
2017-03-20 12:37 - 2012-12-28 04:29 - 00000000 ____D C:\Users\stephen\AppData\Roaming\SoftGrid Client

==================== Files in the root of some directories =======

2016-05-18 11:44 - 2016-05-22 19:44 - 0000075 _____ () C:\Users\stephen\AppData\Roaming\WB.CFG
2014-12-06 05:00 - 2017-04-14 06:14 - 0051200 _____ () C:\Users\stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-13 16:02 - 2015-01-13 16:02 - 0000000 _____ () C:\Users\stephen\AppData\Local\{19D2826A-03E0-4BFA-B2BF-49A8DCEE6D4D}
2017-04-15 20:09 - 2017-04-15 20:09 - 0000000 ____H () C:\ProgramData\cm-lock

Files to move or delete:
====================
C:\Windows\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-06 01:01

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by stephen (15-04-2017 21:52:55)
Running from C:\Users\stephen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-28 03:20:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-550324307-2678909858-868305039-500 - Administrator - Disabled)
Guest (S-1-5-21-550324307-2678909858-868305039-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-550324307-2678909858-868305039-1003 - Limited - Enabled)
stephen (S-1-5-21-550324307-2678909858-868305039-1000 - Administrator - Enabled) => C:\Users\stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! EasyPass (HKLM-x32\...\AI RoboForm) (Version: 7-7-8-128 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brain Workshop 4.8.4 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ED209 Media Kit (HKLM-x32\...\ED209 Media Kit) (Version:  - )
FM JPG To PDF Converter Free 2.0 (HKLM-x32\...\FM JPG To PDF Converter Free_is1) (Version: 2.0 - )
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Hotspot Shield 6.5.2 (HKLM-x32\...\{3421ebee-874e-4668-9a74-fec88239d649}) (Version: 6.5.2.10372 - AnchorFree Inc.)
Hotspot Shield 6.5.2 (x32 Version: 6.5.2 - AnchorFree Inc.) Hidden
Hotspot Shield 6.5.2 (x32 Version: 6.5.2.10372 - AnchorFree Inc.) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keylogger Detector (HKLM-x32\...\Keylogger Detector) (Version:  - )
liteCam HD (HKLM-x32\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.05.0000 - RSUPPORT)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-GB)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version:  - )
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
WPS Office (10.2.0.5811) (HKU\S-1-5-21-550324307-2678909858-868305039-1000\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.)
ZoneAlarm Firewall (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-550324307-2678909858-868305039-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550324307-2678909858-868305039-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550324307-2678909858-868305039-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550324307-2678909858-868305039-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550324307-2678909858-868305039-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\stephen\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08EA38E4-947D-408D-9C44-0C0FB4D9179A} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {1D6C87DF-6B59-4A56-AF37-E0B799B8C9C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1F47EE1A-A9DC-409C-9973-7368E14DA5FC} - System32\Tasks\{96EF1E04-6081-4F63-AADD-7F5AA948BE6D} => C:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
Task: {2CD3C840-1F11-4632-9736-37F779D5B62E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2DCA5AE2-70B0-48B9-90A5-E0DACA40E2A1} - System32\Tasks\{1D23EFA0-194D-43AE-9C07-FC92C99429E9} => C:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
Task: {3B55F1F8-998D-4092-996B-E70DD8E58929} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {427FE026-6C53-4CFA-8A4D-0B6BA1E6CEC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {42A4A1A1-DD79-4259-921F-72648AEC3F22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {4B95884A-451A-4518-94B7-56D82A2149F9} - System32\Tasks\{6A2D2884-C143-41DE-99A7-2AC46403CED5} => C:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
Task: {58498BB9-2E81-4369-A0B9-310E83349FC1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {7B54FE64-6FC5-4262-B675-3AF126349DFA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {89B1E411-A526-4DB8-B17D-FD0A4AF22144} - System32\Tasks\WpsUpdateTask_stephen => C:\Users\stephen\AppData\Local\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-01-06] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {8E90C951-1AB0-4BE2-A04D-E02D05E204DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {994BC7BC-EC15-4378-BB9B-CAED5B60E5D2} - System32\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306} => C:\Users\stephen\AppData\Local\{5C166~1\UNINST~1.EXE  <==== ATTENTION
Task: {AD1C34BD-7B07-4906-8F78-8C1248B98E67} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)
Task: {AE484044-C7F0-4508-921B-0CD65E9E3EE0} - System32\Tasks\{35432E3B-7BD2-4693-B094-C83714B994C6} => pcalua.exe -a C:\Users\stephen\Downloads\wlsetup-web(1).exe -d C:\Users\stephen\Downloads
Task: {AEF66CA9-56E9-4458-89C0-40A7F5165837} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B8D02317-9AD1-471A-AD95-F23D51F99F7D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-02-06] (Siber Systems)
Task: {CDA811A3-08F1-40D5-BA13-91519C1E25E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8FD4926-5200-4459-A46C-72E2C6C4A1C4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-07-30] (AVAST Software)
Task: {E8DD92B9-C53F-4548-950D-199A6207573A} - System32\Tasks\WpsKtpcntrQingTask_stephen => C:\Users\stephen\AppData\Local\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-01-06] (Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\WpsKtpcntrQingTask_stephen.job => C:\Users\stephen\AppData\Local\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
Task: C:\windows\Tasks\WpsUpdateTask_stephen.job => C:\Users\stephen\AppData\Local\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe
Task: C:\windows\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306}.job => C:\Users\stephen\AppData\Local\{5C166~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-14 13:32 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-14 13:32 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-05-31 10:02 - 2012-02-28 01:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-12 12:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-12 12:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-04-12 12:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-04-12 12:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-08-28 08:22 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-550324307-2678909858-868305039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{411BDCFF-647B-4059-97E9-CD12C6D43911}] => (Allow) C:\Users\stephen\AppData\Local\Temp\nssEF14.tmp\CnetInstaller-10643835.exe
FirewallRules: [{F5463376-C422-4165-BB32-0C6AE1456AF2}] => (Allow) C:\Users\stephen\AppData\Local\Temp\nssEF14.tmp\CnetInstaller-10643835.exe
FirewallRules: [{76B1308A-8248-49D8-8521-26D92F3A773A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9B6FAF8-7A2E-4FA9-A536-710C1E9B9018}] => (Allow) LPort=2869
FirewallRules: [{166A2C42-3CA2-42C8-870E-DCBCDF9E5C99}] => (Allow) LPort=1900
FirewallRules: [{6213CBFB-9AA4-47F2-AC08-D36120796D86}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F85453FA-7F0F-49F6-A922-4536EDFE348C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D908457A-E892-4C41-8DDC-6990219F18A4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30018C36-3BEC-423C-BF64-D273337F8F73}] => (Allow) C:\Users\stephen\AppData\Local\Temp\nsiD868.tmp\Installer-10050423.exe
FirewallRules: [{CA83F2E0-63A3-4656-882D-4B2411597DC3}] => (Allow) C:\Users\stephen\AppData\Local\Temp\nsiD868.tmp\Installer-10050423.exe
FirewallRules: [{9957EFA5-59FD-42E5-9B30-EE55980D2717}] => (Allow) C:\Users\stephen\Downloads\diskdigger-75001121.exe
FirewallRules: [{19A71807-2F50-4DFA-A678-D9A35167FCD9}] => (Allow) C:\Users\stephen\Downloads\diskdigger-75001121.exe
FirewallRules: [{CEA26A44-F948-463A-8345-0669A551BEC6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9AA1CF7B-15DC-4D4B-B645-B86517BB0E77}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{D0D79F4F-2703-47F2-98A9-44E8F54B69FA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1531CE83-86CF-487F-A23A-30594FEE3273}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{57853870-A0B7-4011-AE7D-2F7BBCB330AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56AC6C2F-A4B1-456F-B105-A5C0A5EE6E3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

23-03-2017 00:35:31 Windows Update
27-03-2017 02:18:46 Windows Update
30-03-2017 14:16:47 Windows Update
02-04-2017 20:42:05 Windows Update
06-04-2017 00:50:21 Windows Update
09-04-2017 15:23:54 Windows Update
12-04-2017 03:00:15 Windows Update
13-04-2017 20:38:58 Restore Operation
15-04-2017 04:16:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2017 08:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/15/2017 08:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/15/2017 08:10:39 PM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/15/2017 08:09:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2017 09:01:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

Error: (04/15/2017 09:01:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10046

Error: (04/15/2017 09:01:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2017 09:01:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (04/15/2017 09:01:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (04/15/2017 09:01:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/15/2017 08:08:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.

Error: (04/15/2017 04:12:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (04/15/2017 04:11:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/15/2017 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 7885.96 MB
Available physical RAM: 4894.41 MB
Total Virtual: 15770.11 MB
Available Virtual: 12528.92 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:923.41 GB) (Free:824.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C5D3872)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=27)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.4 GB) - (Type=07 NTFS)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 31 days old and could be outdated)
Ran by stephen (administrator) on EARLE89 (15-04-2017 21:52:14)
Running from C:\Users\stephen\Desktop
Loaded Profiles: stephen (Available Profiles: stephen & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 


Thanks for those logs, there is no obvious malware or infection in those logs.  A bit of clean up with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

We still need to run two more scans to double check your system...

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it. You can copy or attach that to your reply...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin

 

fixlist.txt


You have FRST64 on your Desktop as quoted in the header of the primary log FRST.txt

Quote

Running from C:\Users\stephen\Desktop

So that is where you save the file I attached Fixlist.txt

Open FRST64.exe and select the "Fix" tab, the tool will run, read the commands in the file Fixlist.txt and create a new log Fixlog.txt


Okay Kevin, here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by stephen (15-04-2017 23:55:26) Run:1
Running from C:\Users\stephen\Desktop\frst64fixlist
Loaded Profiles: stephen (Available Profiles: stephen & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
2017-04-15 20:56 - 2016-09-11 00:22 - 00000714 _____ C:\windows\Tasks\WpsKtpcntrQingTask_stephen.job
2017-04-15 20:44 - 2016-05-17 17:44 - 00000278 _____ C:\windows\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306}.job
Task: {994BC7BC-EC15-4378-BB9B-CAED5B60E5D2} - System32\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306} => C:\Users\stephen\AppData\Local\{5C166~1\UNINST~1.EXE  <==== ATTENTION
C:\Users\stephen\AppData\Local\{5C166~1
FirewallRules: [{B9B6FAF8-7A2E-4FA9-A536-710C1E9B9018}] => (Allow) LPort=2869
FirewallRules: [{166A2C42-3CA2-42C8-870E-DCBCDF9E5C99}] => (Allow) LPort=1900
RemoveProxy:
Hosts:
EmptyTemp:
end

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
C:\windows\Tasks\WpsKtpcntrQingTask_stephen.job => moved successfully
C:\windows\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306}.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{994BC7BC-EC15-4378-BB9B-CAED5B60E5D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994BC7BC-EC15-4378-BB9B-CAED5B60E5D2} => key removed successfully
C:\windows\System32\Tasks\{591D161D-C3D9-7EB0-B5C3-070874C49306} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{591D161D-C3D9-7EB0-B5C3-070874C49306} => key removed successfully
"C:\Users\stephen\AppData\Local\{5C166~1" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9B6FAF8-7A2E-4FA9-A536-710C1E9B9018} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{166A2C42-3CA2-42C8-870E-DCBCDF9E5C99} => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-550324307-2678909858-868305039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-550324307-2678909858-868305039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9871653 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 74780551 B
Edge => 0 B
Chrome => 23432654 B
Firefox => 302811583 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 93248 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42337801 B
systemprofile32 => 99436 B
LocalService => 0 B
NetworkService => 12195574 B
stephen => 171274313 B
Guest => 1590112 B

RecycleBin => 0 B
EmptyTemp: => 616.9 MB temporary data Removed.

================================

 


Kevin may have posted in the wrong thread just now. Here is the Malwarebytes scan you requested:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/16/17
Scan Time: 12:09 AM
Logfile: malwarebytes3.0log.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1738
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: earle89\stephen

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372660
Time Elapsed: 7 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 


Hi Kevin, it's finally done, here is the log for the Sophos scan:

2017-04-15 23:27:08.115    Sophos Virus Removal Tool version 2.5.6
2017-04-15 23:27:08.115    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-04-15 23:27:08.115    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-04-15 23:27:08.115    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-04-15 23:27:08.119    Checking for updates...
2017-04-15 23:27:08.888    Update progress: proxy server not available
2017-04-15 23:27:19.608    Downloading updates...
2017-04-15 23:27:19.611    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-04-15 23:27:19.612    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-15 23:27:19.612    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-15 23:27:19.612    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-04-15 23:27:19.612    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-04-15 23:27:19.612    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
2017-04-15 23:27:19.612    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-04-15 23:27:19.612    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-04-15 23:27:19.612    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-15 23:27:19.813    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-04-15 23:27:19.813    Update progress: [I19463] Product download size 162626989 bytes
2017-04-15 23:27:31.845    Option all = no
2017-04-15 23:27:31.845    Option recurse = yes
2017-04-15 23:27:31.845    Option archive = no
2017-04-15 23:27:31.845    Option service = yes
2017-04-15 23:27:31.845    Option confirm = yes
2017-04-15 23:27:31.845    Option sxl = yes
2017-04-15 23:27:31.847    Option max-data-age = 35
2017-04-15 23:27:31.848    Option vdl-logging = yes
2017-04-15 23:27:31.868    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-15 23:27:31.868    Machine ID:    84d7ee34bb3c465b9018129401a9b264
2017-04-15 23:27:31.875    Component SVRTcli.exe version 2.5.6
2017-04-15 23:27:31.875    Component control.dll version 2.5.6
2017-04-15 23:27:31.875    Component SVRTservice.exe version 2.5.6
2017-04-15 23:27:31.876    Component engine\osdp.dll version 1.44.1.2281
2017-04-15 23:27:31.876    Component engine\veex.dll version 3.68.1.2281
2017-04-15 23:27:31.876    Component engine\savi.dll version 9.0.7.2281
2017-04-15 23:27:31.877    Component rkdisk.dll version 1.5.31.1
2017-04-15 23:27:31.877    Version info:    Product version    2.5.6
2017-04-15 23:27:31.878    Version info:    Detection engine    3.68.1
2017-04-15 23:27:31.878    Version info:    Detection data    5.38
2017-04-15 23:27:31.878    Version info:    Build date    04/04/2017
2017-04-15 23:27:31.878    Version info:    Data files added    205
2017-04-15 23:27:31.878    Version info:    Last successful update    (not yet updated)
2017-04-15 23:27:47.247    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-04-15 23:27:47.247    Update progress: [I19463] Product download size 2453408 bytes
2017-04-15 23:28:03.766    Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-04-15 23:28:03.767    Update progress: [I19463] Product download size 771415 bytes
2017-04-15 23:28:09.728    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-04-15 23:28:09.909    Installing updates...
2017-04-15 23:28:10.714    Error level 1
2017-04-15 23:28:38.658    Update successful
2017-04-15 23:28:49.709    Option all = no
2017-04-15 23:28:49.709    Option recurse = yes
2017-04-15 23:28:49.709    Option archive = no
2017-04-15 23:28:49.709    Option service = yes
2017-04-15 23:28:49.709    Option confirm = yes
2017-04-15 23:28:49.709    Option sxl = yes
2017-04-15 23:28:49.710    Option max-data-age = 35
2017-04-15 23:28:49.710    Option vdl-logging = yes
2017-04-15 23:28:49.723    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-15 23:28:49.723    Machine ID:    84d7ee34bb3c465b9018129401a9b264
2017-04-15 23:28:49.728    Component SVRTcli.exe version 2.5.6
2017-04-15 23:28:49.728    Component control.dll version 2.5.6
2017-04-15 23:28:49.728    Component SVRTservice.exe version 2.5.6
2017-04-15 23:28:49.728    Component engine\osdp.dll version 1.44.1.2281
2017-04-15 23:28:49.729    Component engine\veex.dll version 3.68.1.2281
2017-04-15 23:28:49.729    Component engine\savi.dll version 9.0.7.2281
2017-04-15 23:28:49.729    Component rkdisk.dll version 1.5.31.1
2017-04-15 23:28:49.729    Version info:    Product version    2.5.6
2017-04-15 23:28:49.730    Version info:    Detection engine    3.68.1
2017-04-15 23:28:49.730    Version info:    Detection data    5.38
2017-04-15 23:28:49.730    Version info:    Build date    04/04/2017
2017-04-15 23:28:49.730    Version info:    Data files added    205
2017-04-15 23:28:49.730    Version info:    Last successful update    16/04/2017 00:28:38

2017-04-15 23:29:53.654    Warning: rootkit scan failed to open volume "\\?\Volume{86b99bea-509b-11e2-aa8b-50465d530bb2}" (5)
2017-04-16 00:00:39.158    Could not open C:\hiberfil.sys
2017-04-16 00:00:45.683    Could not open C:\pagefile.sys
2017-04-16 00:06:02.150    Could not open C:\ProgramData\cm-lock
2017-04-16 00:10:23.126    Could not open C:\System Volume Information\{18b4dbae-21c1-11e7-b188-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.127    Could not open C:\System Volume Information\{20688f8c-1782-11e7-bead-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.128    Could not open C:\System Volume Information\{20ab64cd-222f-11e7-a372-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.129    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.129    Could not open C:\System Volume Information\{47e1cdcb-1d27-11e7-a8eb-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.130    Could not open C:\System Volume Information\{6c0b3772-2189-11e7-b27c-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.131    Could not open C:\System Volume Information\{8454433b-1549-11e7-a8d8-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.131    Could not open C:\System Volume Information\{a8db104f-205f-11e7-aec6-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.132    Could not open C:\System Volume Information\{f932608d-1eed-11e7-9313-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:10:23.133    Could not open C:\System Volume Information\{fe5c5e98-1a58-11e7-8970-50465d530bb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-16 00:23:04.567    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-04-16 00:23:04.568    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-04-16 00:23:16.867    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-04-16 00:23:16.875    Could not open C:\Windows\System32\config\RegBack\SAM
2017-04-16 00:23:16.883    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-04-16 00:23:16.885    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-04-16 00:23:16.887    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-04-16 00:53:28.055    Could not open LOGICAL:0003:00000000
2017-04-16 00:53:28.061    Could not open D:\
2017-04-16 00:53:28.061    Could not open LOGICAL:0010:00000000
2017-04-16 00:53:28.061    Could not open Q:\
2017-04-16 00:53:31.329    Error level 0

2017-04-16 01:01:35.431    Scan completed.
2017-04-16 01:01:35.431    

------------------------------------------------------------

2017-04-16 01:01:53.917    Sophos Virus Removal Tool version 2.5.6
2017-04-16 01:01:53.917    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-04-16 01:01:53.917    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-04-16 01:01:53.917    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-04-16 01:01:53.921    Checking for updates...
2017-04-16 01:01:54.050    Update progress: proxy server not available
2017-04-16 01:03:07.149    Downloading updates...
2017-04-16 01:03:07.152    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-04-16 01:03:07.152    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-16 01:03:07.152    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-16 01:03:07.152    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-04-16 01:03:07.152    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-04-16 01:03:07.152    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
2017-04-16 01:03:07.152    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-04-16 01:03:07.152    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-04-16 01:03:07.152    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-16 01:03:08.132    Option all = no
2017-04-16 01:03:08.132    Option recurse = yes
2017-04-16 01:03:08.132    Option archive = no
2017-04-16 01:03:08.132    Option service = yes
2017-04-16 01:03:08.132    Option confirm = yes
2017-04-16 01:03:08.132    Option sxl = yes
2017-04-16 01:03:08.134    Option max-data-age = 35
2017-04-16 01:03:08.134    Option vdl-logging = yes
2017-04-16 01:03:08.228    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-16 01:03:08.228    Machine ID:    84d7ee34bb3c465b9018129401a9b264
2017-04-16 01:03:08.486    Component SVRTcli.exe version 2.5.6
2017-04-16 01:03:08.487    Component control.dll version 2.5.6
2017-04-16 01:03:08.487    Component SVRTservice.exe version 2.5.6
2017-04-16 01:03:08.487    Component engine\osdp.dll version 1.44.1.2281
2017-04-16 01:03:08.488    Component engine\veex.dll version 3.68.1.2281
2017-04-16 01:03:08.488    Component engine\savi.dll version 9.0.7.2281
2017-04-16 01:03:08.625    Component rkdisk.dll version 1.5.31.1
2017-04-16 01:03:08.625    Version info:    Product version    2.5.6
2017-04-16 01:03:08.626    Version info:    Detection engine    3.68.1
2017-04-16 01:03:08.626    Version info:    Detection data    5.38
2017-04-16 01:03:08.626    Version info:    Build date    04/04/2017
2017-04-16 01:03:08.626    Version info:    Data files added    205
2017-04-16 01:03:08.626    Version info:    Last successful update    16/04/2017 00:28:38
2017-04-16 01:03:23.832    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-04-16 01:03:26.732    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-04-16 01:03:27.758    Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-04-16 01:03:27.765    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-04-16 01:03:27.862    Installing updates...
2017-04-16 01:03:28.666    Error level 1
2017-04-16 01:03:29.431    Update successful
2017-04-16 01:03:51.476    Option all = no
2017-04-16 01:03:51.476    Option recurse = yes
2017-04-16 01:03:51.476    Option archive = no
2017-04-16 01:03:51.476    Option service = yes
2017-04-16 01:03:51.476    Option confirm = yes
2017-04-16 01:03:51.476    Option sxl = yes
2017-04-16 01:03:51.478    Option max-data-age = 35
2017-04-16 01:03:51.478    Option vdl-logging = yes
2017-04-16 01:03:51.496    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-04-16 01:03:51.497    Machine ID:    84d7ee34bb3c465b9018129401a9b264
2017-04-16 01:03:51.502    Component SVRTcli.exe version 2.5.6
2017-04-16 01:03:51.502    Component control.dll version 2.5.6
2017-04-16 01:03:51.503    Component SVRTservice.exe version 2.5.6
2017-04-16 01:03:51.503    Component engine\osdp.dll version 1.44.1.2281
2017-04-16 01:03:51.503    Component engine\veex.dll version 3.68.1.2281
2017-04-16 01:03:51.504    Component engine\savi.dll version 9.0.7.2281
2017-04-16 01:03:51.504    Component rkdisk.dll version 1.5.31.1
2017-04-16 01:03:51.504    Version info:    Product version    2.5.6
2017-04-16 01:03:51.505    Version info:    Detection engine    3.68.1
2017-04-16 01:03:51.505    Version info:    Detection data    5.38
2017-04-16 01:03:51.505    Version info:    Build date    04/04/2017
2017-04-16 01:03:51.505    Version info:    Data files added    205
2017-04-16 01:03:51.505    Version info:    Last successful update    16/04/2017 02:03:29

This topic is now closed to further replies.