Solved Giving my desktop a once over


Fla_Panther
PCHF Member
Sep 19, 2016
I don't remember what made me initially think I might have something on my PC as it was probably six months ago. I'd posted a thread on PCHF.com that never got responded to. I PM'd someone who took an initial look but then never responded again. Last week I thought I would come find out what was going on with the site and found PCHF.net, so let's start over again.

Below are the logs from prework. Looking through them, I'm reminded I can now delete Dropbox and the BlackBerry programs, and that I wanted to ask if anyone has any experience with Buffalo NAS boxes being hacked. I have two of them on my network, and being that they run proprietary software that's locked down, it could be hard for me to ensure their security.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2016 02
Ran by ******** (administrator) on ********-PC (24-09-2016 11:34:50)
Running from C:\Users\********\Desktop\Virus Stuff
Loaded Profiles: ******** (Available Profiles: ********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Foxit Corporation) C:\Users\********\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1283136 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107616 2016-02-14] (Panda Security, S.L.)
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Run: [Dropbox Update] => C:\Users\********\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2014-09-22]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2014-04-09]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 75.114.81.1,75.114.81.2

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "192.168.0.202"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "192.168.0.202"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.202"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "192.168.0.202"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3113485377-2953679804-1031508582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\********\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\********\AppData\Local\Google\Chrome\User Data\Default [2016-09-24]
CHR Extension: (Google Slides) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150624 2016-02-11] (Panda Security, S.L.)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [45472 2016-02-15] (Panda Security, S.L.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-12-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 trufos; C:\Windows\System32\drivers\trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 22:15 - 2016-09-23 22:15 - 00000857 _____ C:\Users\********\Desktop\Chili Lime Popcorn Chicken.txt
2016-09-20 07:04 - 2016-09-20 07:04 - 00000000 ____D C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-18 14:38 - 2016-09-18 14:38 - 00007819 _____ C:\Users\********\Desktop\Mea.txt
2016-09-16 07:24 - 2016-09-16 07:24 - 00000000 ____D C:\Users\********\AppData\Roaming\Lavasoft
2016-09-16 06:43 - 2016-09-16 06:43 - 00000000 ____D C:\Users\********\AppData\Roaming\LavasoftStatistics
2016-09-16 06:43 - 2016-09-16 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-09-16 06:43 - 2016-09-16 06:43 - 00000000 ____D C:\Program Files\Lavasoft
2016-09-16 06:42 - 2016-09-16 06:42 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-09-16 06:41 - 2016-09-16 06:41 - 00000000 ____D C:\ProgramData\Lavasoft
2016-09-12 18:18 - 2016-09-12 18:36 - 00000000 ____D C:\Users\********\Desktop\VW Stuff
2016-09-02 22:43 - 2016-09-02 22:43 - 05274517 _____ C:\Users\********\Desktop\resutoran.mp4
2016-08-28 19:49 - 2016-08-28 19:49 - 00000000 ____D C:\Users\********\AppData\Roaming\TightVNC
2016-08-28 19:47 - 2016-08-28 19:47 - 00000000 ____D C:\ProgramData\TightVNC
2016-08-28 19:47 - 2016-08-28 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2016-08-28 19:47 - 2016-08-28 19:47 - 00000000 ____D C:\Program Files\TightVNC
2016-08-28 19:44 - 2016-08-28 19:44 - 02367488 _____ C:\Users\********\Desktop\tightvnc-2.7.10-setup-64bit.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-24 11:34 - 2016-03-08 09:32 - 00000000 ____D C:\FRST
2016-09-24 11:34 - 2016-03-08 09:17 - 00000000 ____D C:\Users\********\Desktop\Virus Stuff
2016-09-24 11:17 - 2015-10-03 18:11 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000UA.job
2016-09-24 11:11 - 2015-08-15 11:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-24 11:09 - 2016-02-05 01:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-24 08:32 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-24 08:32 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-23 22:09 - 2016-02-05 01:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 20:33 - 2015-10-03 18:11 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000Core.job
2016-09-20 07:04 - 2015-04-08 10:07 - 00000000 ____D C:\Users\********\AppData\Roaming\Dropbox
2016-09-16 18:11 - 2016-02-05 01:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 07:12 - 2015-03-09 18:39 - 00000000 ____D C:\Users\********\AppData\Roaming\Audacity
2016-09-14 19:11 - 2015-08-15 11:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 19:11 - 2013-07-17 18:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 19:11 - 2013-07-17 18:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 23:55 - 2015-08-16 12:25 - 00000600 _____ C:\Users\********\AppData\Local\PUTTY.RND
2016-09-12 18:31 - 2013-10-08 18:48 - 00000000 ____D C:\Users\********\Desktop\Pics
2016-09-12 18:26 - 2013-08-14 10:03 - 00000000 ____D C:\Users\********\AppData\Roaming\Foxit Software
2016-09-02 22:39 - 2009-07-14 01:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-02 22:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-02 20:39 - 2016-07-30 19:35 - 00001509 _____ C:\Users\********\Desktop\September Trip Plans.txt

==================== Files in the root of some directories =======

2016-03-09 15:43 - 2016-08-20 09:43 - 0004410 _____ () C:\Users\********\AppData\Roaming\gns3.ini
2014-05-25 23:28 - 2014-05-25 23:28 - 0004608 _____ () C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 19:24 - 2013-07-16 19:24 - 0000093 _____ () C:\Users\********\AppData\Local\fusioncache.dat
2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\********\AppData\Local\PUTTY.RND
2014-06-22 17:16 - 2014-06-22 17:16 - 0009133 _____ () C:\Users\********\AppData\Local\recently-used.xbel
2014-02-14 17:12 - 2014-02-14 17:12 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-04-21 21:05 - 2014-04-21 21:05 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\********\AppData\Local\Temp\avcuf32.dll
C:\Users\********\AppData\Local\Temp\avcuf64.dll
C:\Users\********\AppData\Local\Temp\avxdisk.dll
C:\Users\********\AppData\Local\Temp\bdc.exe
C:\Users\********\AppData\Local\Temp\bdcore.dll
C:\Users\********\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\********\AppData\Local\Temp\bdnimbus32.dll
C:\Users\********\AppData\Local\Temp\bdnimbus64.dll
C:\Users\********\AppData\Local\Temp\bdupdateservice.dll
C:\Users\********\AppData\Local\Temp\DEVCON.EXE
C:\Users\********\AppData\Local\Temp\eEmpty.exe
C:\Users\********\AppData\Local\Temp\encdec.dll
C:\Users\********\AppData\Local\Temp\esupdate.exe
C:\Users\********\AppData\Local\Temp\FSSync.dll
C:\Users\********\AppData\Local\Temp\Getvlist.exe
C:\Users\********\AppData\Local\Temp\ikave.dll
C:\Users\********\AppData\Local\Temp\ipc.dll
C:\Users\********\AppData\Local\Temp\kave.dll
C:\Users\********\AppData\Local\Temp\kavvlg.dll
C:\Users\********\AppData\Local\Temp\msvclnt.dll
C:\Users\********\AppData\Local\Temp\msvcp80.dll
C:\Users\********\AppData\Local\Temp\msvcp90.dll
C:\Users\********\AppData\Local\Temp\msvcr80.dll
C:\Users\********\AppData\Local\Temp\msvcr90.dll
C:\Users\********\AppData\Local\Temp\msvl64.dll
C:\Users\********\AppData\Local\Temp\msvlclnt.dll
C:\Users\********\AppData\Local\Temp\mwavdwnl.exe
C:\Users\********\AppData\Local\Temp\MWAVL.exe
C:\Users\********\AppData\Local\Temp\mwavscan.exe
C:\Users\********\AppData\Local\Temp\mwunzip.dll
C:\Users\********\AppData\Local\Temp\prLoader.dll
C:\Users\********\AppData\Local\Temp\red32.dll
C:\Users\********\AppData\Local\Temp\Reload.exe
C:\Users\********\AppData\Local\Temp\scan.dll
C:\Users\********\AppData\Local\Temp\ScanningProcess.exe
C:\Users\********\AppData\Local\Temp\setpriv.exe
C:\Users\********\AppData\Local\Temp\sqlite3.dll
C:\Users\********\AppData\Local\Temp\test2.exe
C:\Users\********\AppData\Local\Temp\trufos.dll
C:\Users\********\AppData\Local\Temp\unregx.exe
C:\Users\********\AppData\Local\Temp\UPDLL10.DLL
C:\Users\********\AppData\Local\Temp\viewtcp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-24 11:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2016 02
Ran by ******** (24-09-2016 11:35:27)
Running from C:\Users\********\Desktop\Virus Stuff
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
******** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\********

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
BitTorrent (HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Dropbox (HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Dropbox) (Version: 10.4.26 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.96 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.20.00.0000 - Panda Security) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
VcXsrv (HKLM\...\VcXsrv) (Version: 1.15.2.0 - [email protected])
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.43.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0130F891-3294-4032-A95E-2551D0785764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {10F79057-2BA5-4EF2-9C33-C6803BF2343F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {17A3A26B-8904-4FC0-8EA4-1FA5F34B0499} - System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Nulsoft_WMA_Input_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {3784AB7D-40D0-4341-B33A-8913234E3211} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000UA => C:\Users\********\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {489C9830-2F80-48BE-BAEF-4BE398504127} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000Core => C:\Users\********\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-03] (Dropbox, Inc.)
Task: {48E8C69E-3232-4C58-8D50-89E05A199CA5} - System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Monkey_Audio_Winamp_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {7768EB24-B97D-494E-AEA2-7BC990DE5602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {A0D703AA-157D-4B49-87F0-1F44E9BCB6BC} - System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => pcalua.exe -a "C:\Users\********\Desktop\New folder\irfanview_plugins_430_setup.exe" -d "C:\Users\********\Desktop\New folder"
Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {D2D672C5-BE14-408F-84C4-0FCA6CF64C9B} - System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => pcalua.exe -a "C:\Users\********\Desktop\WinAmp\WinAmp 2.91\Flac_Plugin_for_WA2.exe" -d "C:\Users\********\Desktop\WinAmp\WinAmp 2.91"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000Core.job => C:\Users\********\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3113485377-2953679804-1031508582-1000UA.job => C:\Users\********\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 17:15 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-17 10:39 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 04123896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
2009-11-24 19:36 - 2009-11-24 19:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 09571552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00539392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02485992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-15 13:17 - 2015-12-15 13:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-09-16 18:11 - 2016-09-13 20:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-16 18:11 - 2016-09-13 20:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-09-17 12:07 - 2016-09-12 17:48 - 17754304 _____ () C:\Users\********\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 10:57 - 2016-03-08 09:37 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{1EC0EB4B-4D08-4925-8D6F-EFEF41310536}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9CD06F24-04E1-472B-ACDA-0C09F54A0522}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15CD3CE9-7F17-4BC3-8ED9-1B0225B4C65C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AD4480E-521E-4E89-B5CE-9AD3DE4D8B93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F43A05E1-63E1-4A1A-910C-182232020BDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34CE8CF7-68C3-49BC-ACD3-EE8F8ECAE765}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{5EEA023A-9BE5-4F20-8F82-1C84957A35CD}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C1FD7BCC-EF62-4C6E-8575-C1D23FF4D4A4}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{9F91A9E6-3DB5-4FAC-BB5E-51FB2464304D}] => (Allow) LPort=4481
FirewallRules: [{249EA107-1432-4E4D-8DD2-6774E184B063}] => (Allow) LPort=4481
FirewallRules: [{F23AFB0B-97C8-4ECF-9160-3952D499EA13}] => (Allow) LPort=4482
FirewallRules: [{30ACB028-C525-43C0-BE5E-CAEA837B8D18}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{0BA1CC7C-C7AF-446B-9F55-422DBFBBA7CD}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7895A56-09CD-459C-8A11-0CF1BFAAAC94}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{727293E8-9A91-430D-9B63-0C7694E3A574}C:\users\********\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\********\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BDC9B9EC-9AF8-4D7C-BC09-6FB0DE250B8A}C:\users\********\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\********\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C5F10DC2-9F98-46D6-A563-6D42DAEF55D8}] => (Allow) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9865716-694C-47E7-86B7-968EF1D18272}] => (Allow) C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0D67FFD7-3D61-44F6-959C-509032510F84}C:\users\********\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\********\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6DD541A2-9D8B-4BEF-AA2F-0E6A04ABCAEB}C:\users\********\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\********\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9B31576A-7BA9-4D21-8C8B-A918D2D4ED89}] => (Allow) C:\Users\********\AppData\Local\Temp\nsqD186.tmp\Installer-10073508.exe
FirewallRules: [{3A9ABF24-BBD8-4AB9-8A3D-089C70A25339}] => (Allow) C:\Users\********\AppData\Local\Temp\nsqD186.tmp\Installer-10073508.exe
FirewallRules: [{D8DCC415-C8FF-41AA-A3E9-82A20430A24E}] => (Allow) C:\Users\********\AppData\Local\Temp\nsv4DA7.tmp\Installer-10231814.exe
FirewallRules: [{C5DE7962-FE3D-4879-8AAD-3D6B2B74E080}] => (Allow) C:\Users\********\AppData\Local\Temp\nsv4DA7.tmp\Installer-10231814.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E556F029-9770-41D9-B6F6-C7B21052585D}C:\program files\vcxsrv\vcxsrv.exe] => (Allow) C:\program files\vcxsrv\vcxsrv.exe
FirewallRules: [UDP Query User{FA767801-A6B7-44E4-9AB9-95CB943C7BBC}C:\program files\vcxsrv\vcxsrv.exe] => (Allow) C:\program files\vcxsrv\vcxsrv.exe
FirewallRules: [{428A9E01-1F8A-41F9-838C-085E18304B56}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{BD29FCFC-559D-46E8-865E-99677278F812}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-09-2016 07:01:08 Windows Update
11-09-2016 08:30:22 Windows Update
15-09-2016 06:52:44 Windows Update
16-09-2016 06:41:34 AA11

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2016 07:40:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (09/22/2016 07:40:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (09/22/2016 07:40:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/22/2016 07:40:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (09/22/2016 07:40:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (09/22/2016 07:40:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/18/2016 08:55:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4228

Error: (09/18/2016 08:55:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4228

Error: (09/18/2016 08:55:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/18/2016 08:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3229


System errors:
=============
Error: (08/14/2016 01:32:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (08/14/2016 01:26:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (08/14/2016 07:30:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (08/14/2016 07:30:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
The WMI request could not be completed and should be retried.

Error: (08/14/2016 07:21:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (08/14/2016 07:20:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
The WMI request could not be completed and should be retried.

Error: (07/28/2016 08:47:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (07/27/2016 09:25:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/27/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (07/11/2016 09:35:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 8122.92 MB
Available physical RAM: 4071.02 MB
Total Virtual: 16244.02 MB
Available Virtual: 11148.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:185.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-09-24 11:38:25
-----------------------------
11:38:25.446 OS Version: Windows x64 6.1.7601 Service Pack 1
11:38:25.446 Number of processors: 4 586 0x3A09
11:38:25.447 ComputerName: ********-PC UserName: ********
11:38:26.951 Initialize success
11:38:27.051 VM: initialized successfully
11:38:27.051 VM: Intel CPU supported
11:38:33.624 VM: supported disk I/O ataport.SYS
11:39:42.696 AVAST engine defs: 16092400
11:39:50.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
11:39:50.203 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 11
11:39:50.323 VM: Disk 0 MBR read successfully
11:39:50.333 Disk 0 MBR scan
11:39:50.333 Disk 0 Windows 7 default MBR code
11:39:50.333 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:39:50.343 Disk 0 default boot code
11:39:50.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
11:39:50.373 Disk 0 scanning C:\Windows\system32\drivers
11:40:01.130 Service scanning
11:40:24.700 Modules scanning
11:40:24.700 Disk 0 trace - called modules:
11:40:24.710 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:40:24.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077f3060]
11:40:24.720 3 CLASSPNP.SYS[fffff880018e543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80071f0680]
11:40:25.914 AVAST engine scan C:\Windows
11:40:28.102 AVAST engine scan C:\Windows\system32
11:43:21.684 AVAST engine scan C:\Windows\system32\drivers
11:43:34.866 AVAST engine scan C:\Users\********
12:39:36.644 AVAST engine scan C:\ProgramData
12:43:29.669 Disk 0 statistics 5653701/0/18 @ 0.82 MB/s
12:43:29.673 Scan finished successfully
13:01:53.744 Disk 0 MBR has been saved successfully to "C:\Users\********\Desktop\Virus Stuff\MBR.dat"
13:01:53.747 The log file has been saved successfully to "C:\Users\********\Desktop\Virus Stuff\aswMBR.txt"
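The FirewallRules block in the Addition.txt log above deserves a closer look before anything is deleted. Two Allow rules point at executables that lived in AppData\Local\Temp inside ns*.tmp folders (the kind NSIS-based installers unpack into): the binaries are gone once the temp folder is emptied, but the rules stay. The 4481/4482 rules are bound to a port rather than to a program, so any process may listen there. Firefox and Dropbox each carry both Allow and "TCP/UDP Query User" Block rules (the Query User entries are what Windows writes from its firewall prompt), and Windows Firewall evaluates Block rules before Allow rules, so the Block wins for that protocol. The script below is an added example and not part of the original post or of FRST: it parses lines in FRST's FirewallRules format and flags exactly those patterns. The sample lines are constructed from the log above, and the review heuristics (temp path, user-writable path, port-only, Allow/Block conflict) are my own assumptions about what merits a look, not FRST's logic.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the "FirewallRules:" lines FRST writes to
# Addition.txt (taken from the log above; the user name is redacted there too).
SAMPLE_RULES = r"""
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9B31576A-7BA9-4D21-8C8B-A918D2D4ED89}] => (Allow) C:\Users\********\AppData\Local\Temp\nsqD186.tmp\Installer-10073508.exe
FirewallRules: [{9F91A9E6-3DB5-4FAC-BB5E-51FB2464304D}] => (Allow) LPort=4481
FirewallRules: [{0BA1CC7C-C7AF-446B-9F55-422DBFBBA7CD}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{428A9E01-1F8A-41F9-838C-085E18304B56}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
"""

# One FRST rule line: "[<rule id>] => (Allow|Block) <program path or LPort=N>".
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<rule_id>[^\]]*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)


def parse_rules(text):
    """Return (rule_id, action, target) for every FirewallRules line in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m["rule_id"], m["action"], m["target"]))
    return rules


def audit_rules(text):
    """Flag rules a reviewer should look at. Returns a list of (reason, target)."""
    findings = []
    actions_by_program = defaultdict(set)
    for _rule_id, action, target in parse_rules(text):
        lower = target.lower()
        if lower.startswith("lport="):
            # Port-only rule: not tied to a program, so any listener on that port is allowed.
            findings.append(("port rule not bound to a program", target))
            continue
        actions_by_program[lower].add(action)
        if "\\appdata\\local\\temp\\" in lower:
            # Installer leftover: the binary is gone but the Allow rule is not.
            findings.append(("allow rule for an executable in a temp folder", target))
        elif "\\appdata\\" in lower:
            # Anything under the profile can be replaced without admin rights.
            findings.append(("rule for an executable under a user-writable path", target))
    for program, actions in actions_by_program.items():
        if actions == {"Allow", "Block"}:
            # Windows Firewall applies Block rules before Allow rules.
            findings.append(("both Allow and Block rules exist; Block takes precedence", program))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_frst_rules.py Addition.txt  (no argument runs the sample)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_RULES
    for reason, target in audit_rules(text):
        print(f"{reason}: {target}")
```

Run against the real Addition.txt, the output is a short review list rather than 50 rules to read by eye. Stale entries can be removed in Windows Firewall with Advanced Security (wf.msc), or, since FRST is already the tool in use on this thread, by placing the corresponding FirewallRules lines in an FRST fixlist.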
 

jmarket (PCHF Owner, Support Team, Security Team):
Hi there Fla_Panther :)

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
autoclean;

Now hit the run script button.
The log will appear after a reboot; you can also find it on the C: drive.
Post the log in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware.
Install and select deep scan.
Remove any infections found.
Then click on the icon in the pic below.
Double click on the scan log, copy and paste here in your reply.

Are you experiencing any issues that might be a factor of malware?
 

Fla_Panther (PCHF Member):
Well, I may have messed something up. I started running Zoek and since it said not to open any browser windows I closed the one I had open and instead opened a text file and started working on it. I noticed my cursor kept being pushed to the last line of the file - I think by Zoek - so I stopped working on my desktop altogether and moved to my laptop. I waited about 30 minutes and saw Zoek was still where it was when I stopped using my desktop, on a line mentioning Firefox Extensions. I copied the log, saved it, then tried to close the program. When I clicked the X it reopened itself and reiterated that when it's done it'll close on its own. So I left it, but it's still sitting there and hasn't moved. Should I close it with task manager and restart it?
 

jmarket (PCHF Owner, Support Team, Security Team):
I personally ran Zoek on my machine a few minutes ago, and it does take a while for it to scan Firefox Extensions. Just let it do its thing :)
 

Fla_Panther (PCHF Member):
Yeah, after posting I noticed it had been stuck on that line for over two hours. I rebooted, uninstalled Avast and Panda (and a few other things while I was at it), then re-ran Zoek and let it run while I went to bed. This morning I ran Zemana and the only things it found were zoek.scr and zoek.com (I'd downloaded the zoek.zip file, not just the exe, and those were in the zip file with it).

By the way, none of the gifs on this page are loading for me, so where you say, "Then click on the icon in the pic below." ... I can't tell what you're wanting there. I was able to piece it together from your next sentence though. Included below are the partial Zoek log from the first time I ran it and stopped it, then the second Zoek log and the Zemana log.

Also: I noticed Zoek printed Firefox's proxy config. That reminds me of one of the reasons I thought I might have something on this PC (or one of my NAS boxes). I had a CentOS box I was playing with as a proxy server. I saw something odd on that box that I couldn't explain, posted about here and here:

https://www.centos.org/forums/viewtopic.php?t=57277

https://groups.google.com/forum/#!topic/tigervnc-users/vBekE2YijXg

I've since wiped the box. I reinstalled CentOS but haven't had time to do anything else with it yet. It's been powered off.

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by ******** on Sat 09/24/2016 at 21:02:16.97.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\********\Desktop\Virus Stuff\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 21:02:31.61 =====

--- Create Environment Variables 21:02:32.53
--- Create System Restore Point 21:02:38.24
--- Checking Input 21:03:01.41
--- AU AppData Check 21:03:37.83
--- Remove From Windows Installer 21:03:40.07
--- Empty Folders Check 21:04:41.63
--- Registry HKLM Software Check 21:04:41.63
--- Quick Launch Shortcut Check 21:04:54.97
--- IE Startpage Check 21:05:01.85
--- Program Files DB Check 21:05:13.93
--- C:\Users\Default\AppData\Roaming DB Check 21:05:54.53
--- C:\Users\Default User\AppData\Roaming DB Check 21:05:54.53
--- C:\Users\********\AppData\Roaming DB Check 21:05:54.53
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 21:05:54.53
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 21:05:54.53
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 21:05:54.53
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 21:05:54.53
--- C:\Users\******** DB Check 21:07:56.50
--- C:\PROGRA~3 DB Check 21:08:13.81
--- C:\Users\Default\AppData\Local DB Check 21:08:26.36
--- C:\Users\Default User\AppData\Local DB Check 21:08:26.36
--- C:\Users\********\AppData\Local DB Check 21:08:26.36
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 21:08:26.36
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 21:08:26.36
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 21:08:26.36
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 21:08:26.36
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 21:09:49.96
--- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 21:09:59.14
--- Tasks DB Check 21:10:04.91
--- Downloads DB Check 21:10:08.70
--- C:\Users\********\AppData\LocalLow DB Check 21:10:12.35
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 21:10:12.35
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 21:10:12.35
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 21:10:12.35
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 21:10:12.35
--- Tasks2 DB Check 21:10:53.76
--- Documents DB Check 21:11:22.56
--- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 DB Check 21:11:29.37
--- C:\Users\Public\Desktop DB Check 21:11:31.57
--- C:\Users\********\Desktop DB Check 21:11:36.36
--- Services DB Check 21:11:46.10
--- FF prefs.js DB Check 21:12:06.35
--- Emptyclsid 21:12:41.43
--- Del by CLSID 21:12:42.87
--- Delete Services 21:13:13.82
--- Firefox Fix 21:13:17.13
--- Batch Commands 21:13:18.43
--- Delete files\folders 21:13:18.74
--- Create Backups 21:13:18.83
--- Firefox Extensions 21:13:22.42

(rebooted here)



Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by ******** on Sat 09/24/2016 at 23:47:22.64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\********\Desktop\Virus Stuff\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-03-08-135141.log 8878 bytes
C:\zoek-results2016-09-25-011322.log 2915 bytes

==== System Restore Info ======================

9/24/2016 11:49:24 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\********\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\********\AppData\Roaming\Panda Security deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\********\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863
user_pref("network.proxy.backup.ftp", "");
user_pref("network.proxy.backup.ftp_port", 0);
user_pref("network.proxy.backup.socks", "");
user_pref("network.proxy.backup.socks_port", 0);
user_pref("network.proxy.backup.ssl", "");
user_pref("network.proxy.backup.ssl_port", 0);
user_pref("network.proxy.ftp", "192.168.0.202");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "192.168.0.202");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "192.168.0.202");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "192.168.0.202");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863
7FB1DC8C464CAFC230E7AD6392AE859B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll - Shockwave Flash


==== Chromium Look ======================


VNC® Viewer for Google Chrome™ - ********\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla
Chrome Media Router - ********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyrics.net_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyrics.net_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bh-cdn.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bh-cdn.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_myservices.brighthouse.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_myservices.brighthouse.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.govdeals.com_0.localstorage deleted successfully
C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.govdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\********\AppData\Local\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\cache2 emptied successfully
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\https+++medium.com\cache emptied successfully
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\https+++mobile.twitter.com\cache emptied successfully
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\https+++www.pinterest.com\cache emptied successfully
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\https+++www.theguardian.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=246 folders=81 1022852096 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\********\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\********\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 09/25/2016 at 7:50:08.16 ======================


Zemana AntiMalware 2.50.2.67 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/9/25
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 1273F17A3C8C26D2AE6262
Scan Type : Scheduled Scan
Duration : 34m 51s
Scanned Objects : 97576
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

zoek.scr
Status : Scanned
Object : %userprofile%\desktop\virus stuff\zoek.scr
MD5 : 36D327EB4A26B4E9242E511913E91084
Publisher : -
Size : 1448141
Version : -
Detection : Malware:Win32/Tamaca!Keee
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\desktop\virus stuff\zoek.scr

zoek.com
Status : Scanned
Object : %userprofile%\desktop\virus stuff\zoek.com
MD5 : 36D327EB4A26B4E9242E511913E91084
Publisher : -
Size : 1448141
Version : -
Detection : Malware:Win32/Tamaca!Keee
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\desktop\virus stuff\zoek.com


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0
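The proxy block Zoek printed above is the one setting in that log worth checking against what you expect rather than just reading past: network.proxy.type 1 is Firefox's manual-proxy mode, and every protocol is pointed at 192.168.0.202:3128 (3128 is Squid's default port), which is consistent with the CentOS proxy box mentioned in the post. The script below is an added example, not part of the original post or of Zoek: it parses user_pref lines from prefs.js and reports proxy settings that are not in an allowlist you supply, so a proxy you did not set stands out. The sample prefs are constructed from the log above; the allowlist argument and the PROXY_TYPES table are mine (the numbering is Firefox's network.proxy.type values, where 5, the default, means "use system settings").

```python
import re

# Constructed sample, copied in form from the "Firefox Proxy Settings" section
# of the Zoek log above: manual proxy, every protocol sent to 192.168.0.202:3128.
SAMPLE_PREFS = """\
user_pref("network.proxy.ftp", "192.168.0.202");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "192.168.0.202");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "192.168.0.202");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "192.168.0.202");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
"""

# One prefs.js entry: user_pref("<key>", <string|int|bool>);
PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<value>.+)\);$')

# Firefox's meanings for network.proxy.type (5 is the default on a fresh profile).
PROXY_TYPES = {
    0: "no proxy",
    1: "manual",
    2: "PAC script",
    4: "auto-detect (WPAD)",
    5: "system settings",
}


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict, converting strings, ints and booleans."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m["value"]
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything unexpected as text
        prefs[m["key"]] = value
    return prefs


def proxy_mode(prefs):
    """Human-readable network.proxy.type for a parsed prefs dict."""
    return PROXY_TYPES.get(prefs.get("network.proxy.type", 5), "unknown")


def audit_proxy(prefs, expected_hosts=frozenset()):
    """Return findings for proxy settings that would route traffic to a host
    that is not in expected_hosts (an allowlist the caller supplies)."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype == 1:
        seen = set()
        for proto in ("http", "ssl", "ftp", "socks"):
            host = prefs.get(f"network.proxy.{proto}", "")
            port = prefs.get(f"network.proxy.{proto}_port", 0)
            # share_proxy_settings copies one host:port into every slot; report it once.
            if host and host not in expected_hosts and (host, port) not in seen:
                seen.add((host, port))
                findings.append(f"manual proxy {host}:{port} is not in the expected list")
    elif ptype == 2:
        # A PAC script can steer only selected sites through a proxy; read the URL.
        findings.append(f"PAC script in use: {prefs.get('network.proxy.autoconfig_url', '')}")
    elif ptype == 4:
        # WPAD discovery trusts DHCP/DNS answers on the local network.
        findings.append("WPAD auto-detect enabled: a rogue DHCP/DNS answer can set the proxy")
    # type 0 and type 5 (system settings) produce no finding here; for 5 the
    # Windows (WinINET) proxy settings are the thing to check instead.
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_ff_proxy.py prefs.js 192.168.0.202  (no args runs the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS
    allow = frozenset(sys.argv[2:])
    parsed = parse_prefs(text)
    print("proxy mode:", proxy_mode(parsed))
    for finding in audit_proxy(parsed, allow):
        print(finding)
```

With 192.168.0.202 passed as the expected host the sample produces no findings; with an empty allowlist it reports the single host:port pair once, even though prefs.js repeats it for HTTP, SSL, FTP and SOCKS. The same check is worth repeating after the CentOS box is rebuilt, since a proxy entry that survives a wipe of the box it pointed to is exactly the kind of leftover this thread is trying to clear out.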
 

Malnutrition (Moderator, Security Team):
Adware Cleaner Scan.



Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.









Hit Ok.







Hit next make sure to leave all items checked, for removal.









The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.
2. Once you have started the program, you will need to click the Scanner button. The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
 

Fla_Panther

PCHF Member
Sep 19, 2016
FYI, your link for Adware cleaner didn't work so I found it via Google. The pic links are working now though.

# AdwCleaner v6.020 - Logfile created 29/09/2016 at 23:18:52
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-28.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ******** - ********-PC
# Running from : C:\Users\********\Desktop\Virus Stuff\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp


***** [ Web browsers ] *****

[-] [C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1247 Bytes] - [29/09/2016 23:18:52]
C:\AdwCleaner\AdwCleaner[R0].txt - [1193 Bytes] - [17/02/2014 11:30:01]
C:\AdwCleaner\AdwCleaner[R1].txt - [1253 Bytes] - [17/02/2014 23:00:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [1285 Bytes] - [17/02/2014 23:00:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1721 Bytes] - [29/09/2016 23:17:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1612 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Home Premium x64
Ran by ******** (Administrator) on Thu 09/29/2016 at 23:22:56.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97QNS4HT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ4SBQ6Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO8XJIKU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W57VEJPH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97QNS4HT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ4SBQ6Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO8XJIKU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W57VEJPH (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/29/2016 at 23:26:32.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2016_03_08_10_25_18
OS: Windows 7 Home Premium - x64 Bit
Account Name: ********
Adware Definition: 02112016
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\undefined

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_09_30_06_22_39
OS: Windows 7 Home Premium - x64 Bit
Account Name: ********
Adware Definition: 09282016
Elapsed time: 06:04
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Folder ->> C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_d3l3lkinz3f56t.cloudfront.net_0.indexeddb.leveldb

[-] Deleted ->> Folder ->> C:\Users\********\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\http_d3l3lkinz3f56t.cloudfront.net_0.indexeddb.leveldb

[-] Repaired ->> File ->> C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data

[-] Repaired ->> File ->> C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Preferences

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2016_03_08_10_25_18
OS: Windows 7 Home Premium - x64 Bit
Account Name: ********
Adware Definition: 02112016
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

undefined ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\

undefined ->> Registry Key ->> HKEY_USERS\\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_09_30_06_22_39
OS: Windows 7 Home Premium - x64 Bit
Account Name: ********
Adware Definition: 09282016
Elapsed time: 06:04
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Folder Found : Adware.Trotux.com : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_d3l3lkinz3f56t.cloudfront.net_0.indexeddb.leveldb
Folder Found : Adware.Trotux.com : C:\Users\********\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\http_d3l3lkinz3f56t.cloudfront.net_0.indexeddb.leveldb
Browser: Chrome Found : Adware.Trotux.com : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data
Browser: Chrome Found : Adware.Trotux.com : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Preferences



~ ZHPCleaner v2016.9.29.152 by Nicolas Coolman (2016/09/29)
~ Run by ******** (Administrator) (30/09/2016 06:34:27)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\********\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\********\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (7)
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\.metadata =>PUP.Optional.KongGames
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\asmjs\metadata =>PUP.Optional.KongGames
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\asmjs\module15 =>PUP.Optional.KongGames
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++gameofthrones.wikia.com\.metadata =>.Superfluous.IronSourceLtd
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++gameofthrones.wikia.com\idb\1560848701eBcD_dIenxde.sqlite =>.Superfluous.IronSourceLtd
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++game258437.konggames.com\.metadata =>PUP.Optional.KongGames
FOUND file: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++game258437.konggames.com\idb\2083995541%s2fFbid.sqlite =>PUP.Optional.KongGames


---\\ Hosts file (2)
FOUND:
Number of found redirections 1/22


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (3)
FOUND file: C:\Windows\Installer\wix{2F72F540-1F60-4266-9506-952B21D6640D}.SchedServiceConfig.rmi =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
FOUND folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime


---\\ Registry ( Key, Value, Data) (3)
FOUND key: HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\GreenTree Applications [] =>.Superfluous.GreenTreeApp
FOUND key: HKCU\Software\GreenTree Applications [] =>.Superfluous.GreenTreeApp
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\GreenTree Applications [] =>.Superfluous.GreenTreeApp


---\\ Summary of the elements found (5)
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.KongGames
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/ =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.anti-malware.top/2016/09/10/superfluous-greentreeapp/ =>.Superfluous.GreenTreeApp


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 63131
~ Items found : 14
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h04mn51s
~====================
ZHPCleaner--30092016-06_39_18.txt
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
9-Lab Scan.


  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please copy and paste them into your next reply.
 

Fla_Panther

PCHF Member
Sep 19, 2016
Did winscp (or that version of it) actually have malware in it, or might that be a false positive? If the former, that's really annoying. It seems to be getting harder and harder to find good freeware you can trust anymore. It's a d*** shame. At least I never ran it on my PC. It was in a folder of work files I'd backed up for emergency access in case my work laptop ever died.

I do have a Windows updates indicator that I've been postponing for about a week, been too busy to read up on what they're installing (since they no longer share what each update does through the Windows Update tool), I'll need to do that this weekend. And a reminder that my iTunes-related programs have updates ... I've been avoiding that. Last time I updated iTunes they wiped out ratings on all my songs which have taken me many hundreds of man-hours to set up. I was so pissed last time. I need to find a way to back up that data, then upgrade that stuff.


9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 142.43560

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.18282
******** :: ********-PC

9/30/2016 9:47:29 PM
9lab-log-2016-09-30 (21-47-29).txt

Scan type: Full
Objects scanned: 48011
Time Elapsed: 19 m 36 s

Registry Keys detected: 1
Adware.RPL.Shopper.dd [HKEY_CURRENT_USER\Software\GreenTree Applications]


Files detected: 24
[138AA29868C16ED60D4890BF4197A709] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\Quarantine\hosts]
[50C3FDD98323557189AC4FC5B1D9DEE9] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\Tempo.txt]
[B61C0B2D876914591BBA8B8C5CC16534] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\Trace.txt]
[0588458A33C5066307042054DDD73B02] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\ZHPCleaner-S-30092016-06_39_18.txt]

(NOTE: the line above actually had brackets around the S in "ZHPCleaner-S-30092016-" but that was causing the BB code to think everything after that was strikethrough text, so I removed the brackets.)
[78CB90FBBEB71A59EC70F162E2750CC2] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vl [c:\users\********\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[85E85B5BC75B0D712FEDB5633E1D2AFB] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe]
[1A2E5109C2BB5C68D499E17B83ACB73A] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll]
[F6E8C0D5EC7A8D223F3BA3436701DCBD] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe]
[50F23B45CFA102F7B0BB1442B5382990] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt]
[498BD12B38B549887D9E856EB734354E] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll]
[5C7B8533FEC9E65368D14965EC4C9D8A] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll]
[834C766FE011C0090FB4DAF6279A8DF4] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf]
[C7E5945B9C608A2A23E97425A5B91415] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat]
[8E98D21EE06192492A5671A6144D092F] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys]
[7B8C01ABF51EFFA251E702F4328AA696] Adware.MPL.Gen.se [c:\users\********\appdata\local\Google\Chrome\User Data\Default\local storage\http_www.lyricsfreak.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.se [c:\users\********\appdata\local\Google\Chrome\User Data\Default\local storage\http_www.lyricsfreak.com_0.localstorage-journal]
[8752C3AB19C1145022F3FF45268EB45B] Malware.Win32.Gen.sm [C:\Users\********\Desktop\Brighthouse Docs\Programs\winscp428setup.exe]
[8752C3AB19C1145022F3FF45268EB45B] Malware.Win32.Gen.sm [C:\Users\********\Desktop\Brighthouse Docs\zz - Emergency Docs\Programs\winscp428setup.exe]
[7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.sm [C:\Users\********\Desktop\Virus Stuff\zoek.exe]
[879F717AAF16E2C5264B11B935A784B5] Malware.Win32.Gen.cld [C:\Users\********\AppData\Roaming\BitTorrent\updates\7.9.2_34543.exe]
[9A3087AA7F3461A83F2FEB72330EAB0D] Malware.Win32.Gen.cs0 [C:\Users\********\AppData\Roaming\ZHP\ZHPCleaner.exe]
[9A3087AA7F3461A83F2FEB72330EAB0D] Malware.Win32.Gen.cs0 [C:\Users\********\Desktop\Virus Stuff\ZHPCleaner.exe]
[CC7AA7B42CF418FC3D926913490048F8] Malware.Win32.Gen.cld [C:\Windows\zoek-delete.exe]

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 01.10.2016 05:22:49
Path starting: C:\Users\********\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ********
VersionXML: 3.39is-26.09.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 17.07.2013 03:55:10
LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [249.2 Gb] Free: [216.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18282 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify before download
Date install updates: 2016-05-06 07:01:03
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.4518.1014
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.50.67
--------------------------- [ OtherUtilities ] ----------------------------
Foxit Reader v.7.2.8.1124 Warning! Download Update
WinRAR archiver
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.21 v.7.21.100 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
BitTorrent v.7.9.6.42095 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 31 v.8.0.310 Warning! Download Update
Uninstall old version and install new one (jre-8u102-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
iTunes v.11.0.4.4 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.69.80.9 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 ActiveX v.23.0.0.162
Adobe Flash Player 23 NPAPI v.23.0.0.162
------------------------------- [ Browser ] -------------------------------
Google Chrome v.53.0.2785.116
Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by ******** (administrator) on ********-PC (01-10-2016 05:30:04)
Running from C:\Users\********\Desktop\Virus Stuff
Loaded Profiles: ******** (Available Profiles: ********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2014-04-09]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 75.114.81.1,75.114.81.2

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "192.168.0.202"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "192.168.0.202"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.202"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "192.168.0.202"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3113485377-2953679804-1031508582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\********\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\********\AppData\Local\Google\Chrome\User Data\Default [2016-10-01]
CHR Extension: (Google Slides) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-25] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-01 05:22 - 2016-10-01 05:22 - 00000000 ____D C:\SecurityCheck
2016-09-30 21:46 - 2016-09-30 21:46 - 00000000 ____D C:\Users\********\AppData\Roaming\9-lab
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\ProgramData\9-lab
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\Program Files\9-lab
2016-09-30 06:33 - 2016-09-30 06:34 - 00000830 _____ C:\Users\********\Desktop\ZHPCleaner.lnk
2016-09-29 23:11 - 2016-09-29 23:11 - 00001746 _____ C:\Users\********\Desktop\VPN Config.txt
2016-09-25 22:43 - 2016-09-28 00:05 - 42226084 _____ C:\Users\********\Desktop\Song Idea 38 (Alternate RG 2) (2016-09-25).wav
2016-09-25 07:53 - 2016-10-01 05:30 - 04290369 _____ C:\Windows\ZAM.krnl.trace
2016-09-25 07:53 - 2016-10-01 05:30 - 00645361 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-09-25 07:53 - 2016-09-25 07:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-09-25 07:52 - 2016-09-25 07:53 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-25 07:52 - 2016-09-25 07:52 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-09-25 07:52 - 2016-09-25 07:52 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-25 07:52 - 2016-09-25 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-24 23:46 - 2016-09-24 23:46 - 00000000 ____D C:\Users\********\AppData\Local\Zemana
2016-09-23 22:15 - 2016-09-23 22:15 - 00000857 _____ C:\Users\********\Desktop\Chili Lime Popcorn Chicken.txt
2016-09-12 18:18 - 2016-09-12 18:36 - 00000000 ____D C:\Users\********\Desktop\VW Stuff
2016-09-02 22:43 - 2016-09-02 22:43 - 05274517 _____ C:\Users\********\Desktop\resutoran.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-01 05:30 - 2016-03-08 09:32 - 00000000 ____D C:\FRST
2016-10-01 05:29 - 2016-03-08 09:17 - 00000000 ____D C:\Users\********\Desktop\Virus Stuff
2016-10-01 05:27 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-01 05:27 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-01 05:11 - 2015-08-15 11:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-01 05:09 - 2016-02-05 01:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-30 22:09 - 2016-02-05 01:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-30 06:22 - 2016-03-08 11:25 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-09-29 23:27 - 2009-07-14 01:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-29 23:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-29 23:21 - 2013-07-16 23:55 - 00000000 ____D C:\Users\********
2016-09-29 23:20 - 2015-09-12 00:53 - 00000000 ____D C:\ProgramData\PACE
2016-09-29 23:20 - 2013-07-16 20:31 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-29 23:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-29 23:18 - 2014-02-17 11:29 - 00000000 ____D C:\AdwCleaner
2016-09-28 00:17 - 2015-03-09 18:39 - 00000000 ____D C:\Users\********\AppData\Roaming\Audacity
2016-09-27 05:57 - 2016-05-11 19:38 - 00000000 ____D C:\Users\********\Desktop\Royalty Free Samples
2016-09-24 23:58 - 2016-03-08 09:35 - 00000000 ____D C:\zoek_backup
2016-09-24 23:42 - 2013-07-16 19:24 - 00109296 _____ C:\Users\********\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-24 23:29 - 2014-10-10 11:58 - 00000000 ____D C:\Users\********\AppData\Roaming\BitTorrent
2016-09-24 23:29 - 2014-08-15 02:21 - 00000000 ____D C:\Windows\Minidump
2016-09-24 23:25 - 2009-07-14 00:45 - 00413000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-24 23:24 - 2014-02-15 01:36 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-09-24 23:22 - 2016-04-02 20:38 - 00000000 ____D C:\Program Files\VcXsrv
2016-09-24 23:19 - 2015-10-03 18:11 - 00000000 ____D C:\Users\********\AppData\Local\Dropbox
2016-09-24 23:19 - 2015-04-08 10:07 - 00000000 ____D C:\Users\********\AppData\Roaming\Dropbox
2016-09-24 23:15 - 2016-03-04 17:04 - 00000000 ____D C:\ProgramData\Panda Security
2016-09-24 21:08 - 2014-01-19 04:26 - 00001732 _____ C:\Users\********\Desktop\Fire Pic XIF data.txt
2016-09-16 18:11 - 2016-02-05 01:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 19:11 - 2015-08-15 11:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 19:11 - 2013-07-17 18:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 19:11 - 2013-07-17 18:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 23:55 - 2015-08-16 12:25 - 00000600 _____ C:\Users\********\AppData\Local\PUTTY.RND
2016-09-12 18:31 - 2013-10-08 18:48 - 00000000 ____D C:\Users\********\Desktop\Pics
2016-09-12 18:26 - 2013-08-14 10:03 - 00000000 ____D C:\Users\********\AppData\Roaming\Foxit Software

==================== Files in the root of some directories =======

2014-05-25 23:28 - 2014-05-25 23:28 - 0004608 _____ () C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 19:24 - 2013-07-16 19:24 - 0000093 _____ () C:\Users\********\AppData\Local\fusioncache.dat
2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\********\AppData\Local\PUTTY.RND
2014-06-22 17:16 - 2014-06-22 17:16 - 0009133 _____ () C:\Users\********\AppData\Local\recently-used.xbel
2014-02-14 17:12 - 2014-02-14 17:12 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-04-21 21:05 - 2014-04-21 21:05 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\********\AppData\Local\Temp\libeay32.dll
C:\Users\********\AppData\Local\Temp\msvcr120.dll
C:\Users\********\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-30 00:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by ******** (01-10-2016 05:30:30)
Running from C:\Users\********\Desktop\Virus Stuff
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
******** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\********

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
BitTorrent (HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.67 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0130F891-3294-4032-A95E-2551D0785764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {10F79057-2BA5-4EF2-9C33-C6803BF2343F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {17A3A26B-8904-4FC0-8EA4-1FA5F34B0499} - System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Nulsoft_WMA_Input_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {48E8C69E-3232-4C58-8D50-89E05A199CA5} - System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Monkey_Audio_Winamp_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {7768EB24-B97D-494E-AEA2-7BC990DE5602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {A0D703AA-157D-4B49-87F0-1F44E9BCB6BC} - System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => pcalua.exe -a "C:\Users\********\Desktop\New folder\irfanview_plugins_430_setup.exe" -d "C:\Users\********\Desktop\New folder"
Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {D2D672C5-BE14-408F-84C4-0FCA6CF64C9B} - System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => pcalua.exe -a "C:\Users\********\Desktop\WinAmp\WinAmp 2.91\Flac_Plugin_for_WA2.exe" -d "C:\Users\********\Desktop\WinAmp\WinAmp 2.91"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla

==================== Loaded Modules (Whitelisted) ==============

2013-07-17 10:39 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-11-24 19:36 - 2009-11-24 19:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2016-09-25 07:53 - 2016-09-25 07:53 - 00123760 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 10:57 - 2016-03-08 09:37 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{1EC0EB4B-4D08-4925-8D6F-EFEF41310536}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9CD06F24-04E1-472B-ACDA-0C09F54A0522}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15CD3CE9-7F17-4BC3-8ED9-1B0225B4C65C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AD4480E-521E-4E89-B5CE-9AD3DE4D8B93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F43A05E1-63E1-4A1A-910C-182232020BDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34CE8CF7-68C3-49BC-ACD3-EE8F8ECAE765}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{0BA1CC7C-C7AF-446B-9F55-422DBFBBA7CD}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7895A56-09CD-459C-8A11-0CF1BFAAAC94}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD29FCFC-559D-46E8-865E-99677278F812}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-09-2016 12:05:17 Windows Update
29-09-2016 23:23:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2016 11:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2016 11:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000000ee28
Faulting process id: 0x43c
Faulting application start time: 0x01d21ac98825c9f4
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: d0ae8c64-86bc-11e6-a20d-d43d7eb196c8

Error: (09/25/2016 07:51:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/25/2016 07:50:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x474
Faulting application start time: 0x01d21722e6043637
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: 376ea062-8316-11e6-9246-d43d7eb196c8

Error: (09/24/2016 11:26:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/24/2016 11:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x450
Faulting application start time: 0x01d216dc6eeaf035
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: c005a419-82cf-11e6-a4d5-d43d7eb196c8

Error: (09/24/2016 11:21:44 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ********-PC)
Description: Application or service 'TightVNC Server' could not be shut down.

Error: (09/24/2016 11:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x5c0
Faulting application start time: 0x01d216da10af12d2
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: a2b9766d-82cd-11e6-b007-d43d7eb196c8

Error: (09/24/2016 11:09:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/22/2016 07:40:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028


System errors:
=============
Error: (09/29/2016 11:25:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/29/2016 11:24:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2016 11:24:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2016 11:24:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2016 11:20:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (09/29/2016 11:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/29/2016 11:19:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/29/2016 11:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/29/2016 11:19:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/29/2016 11:18:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8122.92 MB
Available physical RAM: 5672.44 MB
Total Virtual: 16244.02 MB
Available Virtual: 14141.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:216.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
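The event-log section of Addition.txt above is the part a helper reads first: the same igfxCUIService.exe access violation (0xc0000005) repeating on every boot, a WinMgmt EventID 10 error about a "LoadPercentage > 99" event filter, and a batch of service start failures. As an added example (not code from the original post and not part of Farbar Recovery Scan Tool), the Python script below parses those "Error: (date) (Source: …) (EventID: …)" blocks, counts them per source, recognises the 0x80041003 error (WBEM_E_ACCESS_DENIED) on that filter as the known Windows 7 SP1 artefact described in Microsoft KB2545227, and applies a triage heuristic to the Application Error 1000 records: a process that faults in its own image is a software/driver bug, while a process that faults inside a module loaded from outside the Windows and Program Files trees is the shape injected or side-loaded code usually takes. The sample input mixes abridged entries copied from the log above with one constructed entry (svchost.exe faulting in a hypothetical helper.dll under AppData); TRUSTED_PREFIXES is an assumption, not a Windows allow-list.

```python
"""Triage the 'Application errors' / 'System errors' listing of an FRST Addition.txt.

Added example for this thread, not code from the original post or from FRST itself.
The crash classification is a heuristic (see comments); TRUSTED_PREFIXES is an assumption.
"""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass, field

HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<val>.*)$")
# 0x80041003 is WBEM_E_ACCESS_DENIED. The WinMgmt EventID 10 'LoadPercentage > 99'
# filter error is the Windows 7 SP1 artefact of Microsoft KB2545227, not malware.
WBEM_E_ACCESS_DENIED = 0x80041003
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")  # heuristic only

@dataclass
class EventEntry:
    timestamp: str
    source: str
    event_id: int
    description: str = ""
    fields: dict[str, str] = field(default_factory=dict)

def parse_entries(text: str) -> list[EventEntry]:
    """Split an FRST error listing into EventEntry records."""
    entries: list[EventEntry] = []
    cur: EventEntry | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            cur = EventEntry(m["ts"], m["source"], int(m["eid"]))
            entries.append(cur)
        elif cur is None or not line:
            continue
        elif line.startswith("Description: "):
            cur.description = line[len("Description: "):]
        elif f := FIELD_RE.match(line):
            cur.fields[f["key"].strip()] = f["val"].strip()
        else:  # continuation line of a multi-line description
            cur.description += " " + line
    return entries

def _name_of(spec: str) -> str:
    # 'igfxCUIService.exe, version: ..., time stamp: ...' -> 'igfxCUIService.exe'
    return spec.split(",", 1)[0].strip()

def triage_crash(e: EventEntry) -> str:
    """Verdict for one Application Error / EventID 1000 record."""
    app = _name_of(e.description.removeprefix("Faulting application name: "))
    mod = _name_of(e.fields.get("Faulting module name", "unknown"))
    path = e.fields.get("Faulting module path", "")
    code = e.fields.get("Exception code", "?")
    if mod.lower() == app.lower():  # process faults in its own image: a plain bug
        return f"{app}: self-fault ({code}); software/driver bug, not an injection indicator"
    if mod.lower() == "unknown" or not path.lower().startswith(TRUSTED_PREFIXES):
        # a module outside Windows/Program Files faulting inside another process is
        # the shape injected or side-loaded code usually takes
        return f"{app}: faults in {mod} at {path or 'unknown path'} ({code}); review this module"
    return f"{app}: faults in {mod} ({code})"

def triage(text: str) -> dict:
    """Counts per (Source, EventID), known-benign WMI errors, and crash verdicts."""
    entries = parse_entries(text)
    wmi_hex = f"0x{WBEM_E_ACCESS_DENIED:08x}"
    return {
        "entries": len(entries),
        "by_source": Counter((e.source, e.event_id) for e in entries),
        "wmi_access_denied": sum(1 for e in entries if e.source == "WinMgmt"
                                 and e.event_id == 10 and wmi_hex in e.description.lower()),
        "crash_verdicts": [triage_crash(e) for e in entries
                           if e.source == "Application Error" and e.event_id == 1000],
    }

# Sample input. The first two entries are abridged copies of the Addition.txt above;
# the third is constructed, with hypothetical svchost.exe / helper.dll paths.
SAMPLE_LOG = r"""
Error: (09/29/2016 11:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Faulting module path: C:\Windows\system32\igfxCUIService.exe

Error: (09/25/2016 07:51:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2016 12:00:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: helper.dll, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Faulting module path: C:\Users\user\AppData\Roaming\helper.dll
"""

if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run as a script it prints the summary; on the entries above it classes the igfxCUIService.exe crashes as self-faults (a bug in the Intel graphics control panel service, which matches the matching "terminated with the following error" lines from the Service Control Manager) and keeps the WMI filter error out of the suspicious pile, so attention goes to whatever is left, if anything.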
 

jmarket (PCHF Owner, Support Team, Security Team):
Hi,

I see that you have BitTorrent installed. It is against PCHF Rules, and your malware treatment has been halted until this is removed. This is for your safety, as P2P programs can bring malware to your PC and if it's not fully clean, that will cause problems. Please remove it, then post a fresh FRST log to verify it. :)

Thank you.
 

Fla_Panther (PCHF Member):
Here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2016
Ran by ******** (administrator) on ********-PC (03-10-2016 12:27:02)
Running from C:\Users\********\Desktop\Virus Stuff
Loaded Profiles: ******** (Available Profiles: ********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2014-04-09]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 75.114.81.1,75.114.81.2

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 [2016-10-01]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> Google
FF Homepage: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> http", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3113485377-2953679804-1031508582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\********\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\********\AppData\Local\Google\Chrome\User Data\Default [2016-10-03]
CHR Extension: (Google Slides) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13733616 2016-09-23] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-25] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-02 23:04 - 2016-10-02 23:37 - 00000000 ____D C:\Users\********\Desktop\PC Recovery tools
2016-10-02 16:49 - 2016-10-02 16:49 - 00001886 _____ C:\Users\********\Desktop\Data Recovery notes.txt
2016-10-01 23:39 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-01 23:39 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-01 23:39 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-01 23:39 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-01 23:39 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-01 23:39 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-01 23:39 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-01 23:39 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-01 23:39 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-01 23:39 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-01 23:39 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-01 23:39 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-01 23:39 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-01 23:39 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-01 23:39 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-01 23:39 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-01 23:39 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-01 23:39 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-01 23:39 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-01 23:39 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-01 23:39 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-01 23:39 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-01 23:39 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-01 23:39 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-01 23:39 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-01 23:39 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-01 23:39 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-01 23:39 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-01 23:39 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-01 23:39 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-01 23:39 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-01 23:39 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-01 23:39 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-01 23:39 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-01 23:39 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-01 23:39 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-01 23:39 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-01 23:39 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-01 23:39 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-01 23:39 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-01 23:39 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-01 23:39 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-01 23:39 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-01 23:39 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-01 23:39 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-01 23:39 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-01 23:39 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-01 23:39 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-01 23:39 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-01 23:39 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-01 23:39 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-01 23:39 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-01 23:39 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-01 23:39 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-01 23:39 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-01 23:39 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-01 23:39 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-01 23:39 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-01 23:39 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-01 23:39 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-01 23:39 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-01 23:39 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-01 23:39 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-01 23:39 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-01 23:39 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-01 23:39 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-01 23:39 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-01 23:39 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-01 23:39 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-01 23:39 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-01 23:39 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-01 23:39 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-01 23:39 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-01 23:39 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-01 23:39 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-01 23:39 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-01 23:39 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-01 23:39 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-01 23:39 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-01 23:39 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-01 23:39 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-01 23:39 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-01 23:39 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-01 23:39 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-10-01 23:39 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-10-01 23:39 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-01 23:39 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-10-01 23:39 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-10-01 23:39 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-10-01 23:39 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-01 23:39 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-10-01 23:39 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-10-01 23:39 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-10-01 23:39 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-10-01 23:39 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-10-01 23:39 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-10-01 23:39 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-10-01 23:39 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-10-01 23:39 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-10-01 23:39 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-10-01 23:39 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-10-01 23:39 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-10-01 23:39 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-10-01 23:39 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-10-01 23:39 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-10-01 23:39 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-10-01 23:39 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-10-01 23:39 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-10-01 23:39 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-10-01 23:39 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-10-01 23:39 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-10-01 23:39 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-10-01 23:39 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-10-01 23:39 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-10-01 23:39 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-10-01 23:39 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-10-01 23:39 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-10-01 23:39 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-01 23:39 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-10-01 23:39 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-10-01 23:39 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-10-01 23:39 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-01 23:39 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-10-01 23:39 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-10-01 23:39 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-10-01 23:39 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-10-01 23:39 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-10-01 23:39 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-10-01 23:39 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-10-01 23:39 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-10-01 23:39 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-10-01 23:39 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-10-01 23:39 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-10-01 23:39 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-10-01 23:39 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-10-01 23:39 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-10-01 23:39 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-10-01 23:39 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-10-01 23:39 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-10-01 23:39 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-10-01 23:39 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-10-01 23:39 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-10-01 23:39 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-10-01 23:39 - 2015-08-05 13:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-10-01 23:39 - 2015-08-05 13:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-10-01 23:36 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-01 23:36 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-01 23:36 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-01 23:35 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-01 23:35 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-01 23:35 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-01 23:35 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-01 23:35 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-01 23:35 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-01 23:35 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-01 23:35 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-01 23:35 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-01 23:35 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-01 23:35 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-01 23:35 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-01 23:35 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-01 23:35 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-01 23:35 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-01 23:35 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-01 23:35 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-01 23:35 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-01 23:35 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-01 23:35 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-01 23:35 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-01 23:35 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-01 23:35 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-01 23:35 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-01 23:35 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-01 23:35 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-01 23:35 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-01 23:35 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-01 23:35 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-01 23:35 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-01 23:35 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-01 23:35 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-01 23:35 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-01 23:35 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-01 23:35 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-01 23:35 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-01 23:35 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-01 23:35 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-01 23:35 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-01 23:35 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-01 23:35 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-01 23:35 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-01 23:35 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-01 23:35 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-01 23:35 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-01 23:35 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-01 23:35 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-01 23:35 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-01 23:35 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-01 23:35 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-01 23:35 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-01 23:35 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-01 23:35 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-01 23:35 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-01 23:35 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-01 23:35 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-01 23:35 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-01 23:35 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-01 23:35 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-01 23:35 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-01 23:35 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-01 23:35 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-10-01 23:35 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-10-01 10:07 - 2016-10-01 10:07 - 00000000 ____D C:\Users\********\AppData\Roaming\Media Player Classic
2016-10-01 08:21 - 2016-10-01 08:21 - 00313366 _____ C:\Users\********\Desktop\WindowsUpdateDiagnostic.diagcab
2016-10-01 05:48 - 2016-10-01 07:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-01 05:22 - 2016-10-01 05:22 - 00000000 ____D C:\SecurityCheck
2016-09-30 21:46 - 2016-09-30 21:46 - 00000000 ____D C:\Users\********\AppData\Roaming\9-lab
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\ProgramData\9-lab
2016-09-30 21:45 - 2016-09-30 21:45 - 00000000 ____D C:\Program Files\9-lab
2016-09-30 06:33 - 2016-09-30 06:34 - 00000830 _____ C:\Users\********\Desktop\ZHPCleaner.lnk
2016-09-29 23:11 - 2016-09-29 23:11 - 00001746 _____ C:\Users\********\Desktop\VPN Config.txt
2016-09-25 22:43 - 2016-09-28 00:05 - 42226084 _____ C:\Users\********\Desktop\Song Idea 38 (Alternate RG 2) (2016-09-25).wav
2016-09-25 07:53 - 2016-10-03 12:27 - 00269822 _____ C:\Windows\ZAM.krnl.trace
2016-09-25 07:53 - 2016-10-03 12:27 - 00040562 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-09-25 07:53 - 2016-09-25 07:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-09-25 07:52 - 2016-09-25 07:53 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-25 07:52 - 2016-09-25 07:52 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-09-25 07:52 - 2016-09-25 07:52 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-25 07:52 - 2016-09-25 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-24 23:46 - 2016-09-24 23:46 - 00000000 ____D C:\Users\********\AppData\Local\Zemana
2016-09-23 22:15 - 2016-09-23 22:15 - 00000857 _____ C:\Users\********\Desktop\Chili Lime Popcorn Chicken.txt
2016-09-12 18:18 - 2016-09-12 18:36 - 00000000 ____D C:\Users\********\Desktop\VW Stuff

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 12:27 - 2016-03-08 09:32 - 00000000 ____D C:\FRST
2016-10-03 12:26 - 2016-03-08 09:17 - 00000000 ____D C:\Users\********\Desktop\Virus Stuff
2016-10-03 12:26 - 2016-02-05 01:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-03 12:25 - 2015-08-15 11:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-02 23:09 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-02 23:09 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-02 23:04 - 2009-07-14 01:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-02 23:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-02 22:59 - 2013-07-16 23:55 - 00000000 ____D C:\Users\********
2016-10-02 22:58 - 2016-02-05 01:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-02 22:58 - 2015-09-12 00:53 - 00000000 ____D C:\ProgramData\PACE
2016-10-02 22:57 - 2013-07-16 20:31 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-02 22:57 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-02 19:38 - 2014-10-10 11:58 - 00000000 ____D C:\Users\********\AppData\Roaming\BitTorrent
2016-10-02 12:18 - 2009-07-14 00:45 - 00413000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-02 01:18 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-10-02 01:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-02 01:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-01 23:56 - 2013-07-16 16:13 - 00792092 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-01 23:49 - 2013-07-16 21:44 - 00000000 ____D C:\Windows\system32\MRT
2016-10-01 23:43 - 2013-07-16 20:29 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-01 08:27 - 2013-07-18 22:49 - 00000000 ____D C:\Users\********\AppData\Local\ElevatedDiagnostics
2016-10-01 07:24 - 2013-07-17 10:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-01 05:54 - 2013-07-18 22:29 - 00000000 ____D C:\Users\********\AppData\Roaming\Skype
2016-10-01 05:53 - 2016-03-25 10:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-01 05:53 - 2013-07-18 22:29 - 00000000 ____D C:\ProgramData\Skype
2016-09-30 06:22 - 2016-03-08 11:25 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-09-29 23:18 - 2014-02-17 11:29 - 00000000 ____D C:\AdwCleaner
2016-09-28 00:17 - 2015-03-09 18:39 - 00000000 ____D C:\Users\********\AppData\Roaming\Audacity
2016-09-27 05:57 - 2016-05-11 19:38 - 00000000 ____D C:\Users\********\Desktop\Royalty Free Samples
2016-09-24 23:58 - 2016-03-08 09:35 - 00000000 ____D C:\zoek_backup
2016-09-24 23:42 - 2013-07-16 19:24 - 00109296 _____ C:\Users\********\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-24 23:29 - 2014-08-15 02:21 - 00000000 ____D C:\Windows\Minidump
2016-09-24 23:24 - 2014-02-15 01:36 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-09-24 23:22 - 2016-04-02 20:38 - 00000000 ____D C:\Program Files\VcXsrv
2016-09-24 23:19 - 2015-10-03 18:11 - 00000000 ____D C:\Users\********\AppData\Local\Dropbox
2016-09-24 23:19 - 2015-04-08 10:07 - 00000000 ____D C:\Users\********\AppData\Roaming\Dropbox
2016-09-24 23:15 - 2016-03-04 17:04 - 00000000 ____D C:\ProgramData\Panda Security
2016-09-24 21:08 - 2014-01-19 04:26 - 00001732 _____ C:\Users\********\Desktop\Fire Pic XIF data.txt
2016-09-16 18:11 - 2016-02-05 01:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 19:11 - 2015-08-15 11:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 19:11 - 2013-07-17 18:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 19:11 - 2013-07-17 18:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-14 19:11 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 23:55 - 2015-08-16 12:25 - 00000600 _____ C:\Users\********\AppData\Local\PUTTY.RND
2016-09-12 18:31 - 2013-10-08 18:48 - 00000000 ____D C:\Users\********\Desktop\Pics
2016-09-12 18:26 - 2013-08-14 10:03 - 00000000 ____D C:\Users\********\AppData\Roaming\Foxit Software

==================== Files in the root of some directories =======

2014-05-25 23:28 - 2014-05-25 23:28 - 0004608 _____ () C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 19:24 - 2013-07-16 19:24 - 0000093 _____ () C:\Users\********\AppData\Local\fusioncache.dat
2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\********\AppData\Local\PUTTY.RND
2014-06-22 17:16 - 2014-06-22 17:16 - 0009133 _____ () C:\Users\********\AppData\Local\recently-used.xbel
2014-02-14 17:12 - 2014-02-14 17:12 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-04-21 21:05 - 2014-04-21 21:05 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\********\AppData\Local\Temp\libeay32.dll
C:\Users\********\AppData\Local\Temp\msvcr120.dll
C:\Users\********\AppData\Local\Temp\SkypeSetup.exe
C:\Users\********\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-30 00:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by ******** (03-10-2016 12:27:47)
Running from C:\Users\********\Desktop\Virus Stuff
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
******** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\********

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.67 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0130F891-3294-4032-A95E-2551D0785764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {10F79057-2BA5-4EF2-9C33-C6803BF2343F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {17A3A26B-8904-4FC0-8EA4-1FA5F34B0499} - System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Nulsoft_WMA_Input_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {48E8C69E-3232-4C58-8D50-89E05A199CA5} - System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Monkey_Audio_Winamp_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {7768EB24-B97D-494E-AEA2-7BC990DE5602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {A0D703AA-157D-4B49-87F0-1F44E9BCB6BC} - System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => pcalua.exe -a "C:\Users\********\Desktop\New folder\irfanview_plugins_430_setup.exe" -d "C:\Users\********\Desktop\New folder"
Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {D2D672C5-BE14-408F-84C4-0FCA6CF64C9B} - System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => pcalua.exe -a "C:\Users\********\Desktop\WinAmp\WinAmp 2.91\Flac_Plugin_for_WA2.exe" -d "C:\Users\********\Desktop\WinAmp\WinAmp 2.91"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 17:15 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-17 10:39 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-11-24 19:36 - 2009-11-24 19:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2016-09-25 07:53 - 2016-09-25 07:53 - 00123760 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2003-03-23 04:35 - 2003-03-23 04:35 - 00054272 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2013-07-23 18:55 - 2013-07-23 18:55 - 00093184 _____ () C:\Program Files (x86)\Winamp\Plugins\in_CDReader.dll
2003-05-05 19:37 - 2003-05-05 19:37 - 00096768 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2003-04-15 17:03 - 2003-04-15 17:03 - 00141312 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2013-07-23 18:55 - 2005-09-05 06:27 - 00077824 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mpc.dll
2002-08-31 20:10 - 2002-08-31 20:10 - 00031232 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2002-01-14 19:01 - 2002-01-14 19:01 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2013-07-23 18:55 - 2003-11-25 20:03 - 00110592 _____ () C:\Program Files (x86)\Winamp\Plugins\in_zm4a.dll
2002-10-17 18:42 - 2002-10-17 18:42 - 00040960 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2003-08-20 09:44 - 2003-08-20 09:44 - 00372736 _____ () C:\Program Files (x86)\Winamp\Plugins\out_filewrite.dll
2013-07-23 18:54 - 2013-07-23 18:54 - 00129024 _____ () C:\Program Files (x86)\Winamp\lame_enc.dll
2002-10-06 19:00 - 2002-10-06 19:00 - 00013824 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 10:57 - 2016-03-08 09:37 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{1EC0EB4B-4D08-4925-8D6F-EFEF41310536}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9CD06F24-04E1-472B-ACDA-0C09F54A0522}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15CD3CE9-7F17-4BC3-8ED9-1B0225B4C65C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AD4480E-521E-4E89-B5CE-9AD3DE4D8B93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F43A05E1-63E1-4A1A-910C-182232020BDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34CE8CF7-68C3-49BC-ACD3-EE8F8ECAE765}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{0BA1CC7C-C7AF-446B-9F55-422DBFBBA7CD}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7895A56-09CD-459C-8A11-0CF1BFAAAC94}] => (Allow) C:\Users\********\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD29FCFC-559D-46E8-865E-99677278F812}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-09-2016 12:05:17 Windows Update
29-09-2016 23:23:03 JRT Pre-Junkware Removal
01-10-2016 05:44:45 Removed Java 8 Update 31
01-10-2016 10:00:09 Windows Update
01-10-2016 23:40:11 Windows Update

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2016 10:59:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/02/2016 10:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x478
Faulting application start time: 0x01d21d21f07503ea
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: 4310d9b5-8915-11e6-a6e1-d43d7eb196c8

Error: (10/02/2016 12:19:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000000ee28
Faulting process id: 0x4cc
Faulting application start time: 0x01d21cc8aea87343
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: fb61f72f-88bb-11e6-a560-d43d7eb196c8

Error: (10/02/2016 12:19:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2016 10:03:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2016 10:02:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x478
Faulting application start time: 0x01d21bec5397079d
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: a84039d5-87df-11e6-b2ac-d43d7eb196c8

Error: (10/01/2016 07:26:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2016 07:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x4dc
Faulting application start time: 0x01d21bd661474027
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: adf09776-87c9-11e6-afb6-d43d7eb196c8

Error: (09/29/2016 11:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2016 11:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000000ee28
Faulting process id: 0x43c
Faulting application start time: 0x01d21ac98825c9f4
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: d0ae8c64-86bc-11e6-a20d-d43d7eb196c8


System errors:
=============
Error: (10/02/2016 11:03:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/02/2016 10:58:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (10/02/2016 12:23:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/02/2016 12:19:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (10/01/2016 10:02:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (10/01/2016 10:00:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB3156017).

Error: (10/01/2016 10:00:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB3185911).

Error: (10/01/2016 10:00:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB3156016).

Error: (10/01/2016 10:00:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB3184122).

Error: (10/01/2016 10:00:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB3155178).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8122.92 MB
Available physical RAM: 6238.04 MB
Total Virtual: 16244.02 MB
Available Virtual: 14389.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:206.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
I would like to see one more scan before I make a fix with FRST. :)

Scan & Clean With Ads Fix



  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Post the log created.
 

Fla_Panther

PCHF Member
PCHF Member
Sep 19, 2016
38
4
44
Eh, I think I may have messed something up. When it loaded I read it saying something about allowing a certificate, and I thought I had understood it well enough but when I moved forward either something was unclear or I'd forgotten a detail. I should've written down a note. Anyway, when I tried to close out of that the program started scanning anyway, then threw an error, presumably because it was expecting something I should've done on the previous step. I looked in Add/Remove Programs but there was nothing there to uninstall so I tried running the program again. This time it seemed to run just fine but when it closed it never opened a log. I got lucky and found this on C:\

Also weird .... I couldn't paste this log until I went into "edit BB code" mode.

---------- | AdsFix | [email protected]@n | 3_04.10.2016.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 19:11:19 - 04/10/2016

update on : 04/10/2016 | 03.05 by [email protected]@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\********\Desktop\Virus Stuff\adsfix_3_04.10.2016.1.exe
Boot: Normal boot
[******** (Administrator)] - [********-PC] - (USA [0409])
SID = S-1-5-21-3113485377-2953679804-1031508582-1000 || [5374657665205e5e]
PC : MSI - B75MA-E33 (MS-7808) - To be filled by O.E.M.
Processor : X64 - 3192 - Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Bios : American Megatrends Inc. - 01/21/2013 - V.V1.4
CoreTemp : 29.8 C

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8318 | Free (MB) : 6057
Pagefile = Total (MB) : 16634 | Free (MB) : 14370
Virtual = Total (MB) : 4194 | Free (MB) : 4008

C:\ -> [Fixed] | [] | Total : 465.66 Go | Free : 212.84 Go -> NTFS [SATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [04.10.2016 @ 19_11_16]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-10-04 18:11:29
Last downloaded : 2016-10-04 22:21:25
Last installation : 2016-10-04 22:22:29
Next search : 2016-10-05 15:33:06

---------- | Browsers

IE : 11.0.9600.18450 (© Microsoft Corporation. All rights reserved.)
FF : 47.0.1.6018 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 53.0.2785.143 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV :
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 23.0.0.162
Plugin : 23.0.0.162

---------- | Killed processes

804 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
828 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4144) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1384 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1528 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1568 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1656 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Aladdin Knowledge Systems Ltd. - Aladdin HASP License Manager Service.) - (12.47.1.11911) = C:\Windows\System32\hasplms.exe
1848 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Microsoft Corporation - Machine Debug Manager.) - (7.10.3077.0) = C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1888 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.BUFFALO INC. - NAS Power Management Service.) - (1.0.9.1121) = C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
1972 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.8.24) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
1996 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2024 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.PACE Anti-Piracy, Inc. - PACE License Service.) - (2.4.7.852) = C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
1268 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Paramount Software UK Ltd - Reflect Service - Enables mounting of images.) - (6.1.865.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe
2168 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
2888 | [Owner : SYSTEM |Parent : 804()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
2896 | [Owner : SYSTEM |Parent : 804()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
2672 | [Owner : SYSTEM |Parent : 2684()] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
2620 | [Owner : SYSTEM |Parent : 2684()] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
2860 | [Owner : NETWORK SERVICE |Parent : 616(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2120 | [Owner : ******** |Parent : 616(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2584 | [Owner : SYSTEM |Parent : 1996()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2884 | [Owner : ******** |Parent : 1200()] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (15.3.33.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
3132 | [Owner : ******** |Parent : 2592(explorer.exe)] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.244) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3188 | [Owner : ******** |Parent : 2592(explorer.exe)] - (.Acresso Corporation - Acresso Software Manager.) - (11.60.100.22284) = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
3608 | [Owner : ******** |Parent : 2888()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3520 | [Owner : ******** |Parent : 2592(explorer.exe)] - (.Google Inc. - Google Chrome.) - (53.0.2785.143) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4144 | [Owner : ******** |Parent : 3520(chrome.exe)] - (.Google Inc. - Google Chrome.) - (53.0.2785.143) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3476 | [Owner : ******** |Parent : 3520(chrome.exe)] - (.Google Inc. - Google Chrome.) - (53.0.2785.143) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2020 | [Owner : ******** |Parent : 3520(chrome.exe)] - (.Google Inc. - Google Chrome.) - (53.0.2785.143) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4680 | [Owner : SYSTEM |Parent : 400(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
---------- | AdsFix | [email protected]@n | 3_04.10.2016.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 19:12:44 - 04/10/2016

update on : 04/10/2016 | 03.05 by [email protected]@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\********\Desktop\Virus Stuff\adsfix_3_04.10.2016.1.exe
Boot: Normal boot
[******** (Administrator)] - [********-PC] - (USA [0409])
SID = S-1-5-21-3113485377-2953679804-1031508582-1000 || [5374657665205e5e]
PC : MSI - B75MA-E33 (MS-7808) - To be filled by O.E.M.
Processor : X64 - 3192 - Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Bios : American Megatrends Inc. - 01/21/2013 - V.V1.4
CoreTemp : 29.8 C

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8318 | Free (MB) : 6555
Pagefile = Total (MB) : 16634 | Free (MB) : 14929
Virtual = Total (MB) : 4194 | Free (MB) : 4008

C:\ -> [Fixed] | [] | Total : 465.66 Go | Free : 212.72 Go -> NTFS [SATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [04.10.2016 @ 19_12_41]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-10-04 18:11:29
Last downloaded : 2016-10-04 22:21:25
Last installation : 2016-10-04 22:22:29
Next search : 2016-10-05 15:33:06

---------- | Browsers

IE : 11.0.9600.18450 (© Microsoft Corporation. All rights reserved.)
FF : 47.0.1.6018 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 53.0.2785.143 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV :
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 23.0.0.162
Plugin : 23.0.0.162

---------- | Killed processes

4468 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.PACE Anti-Piracy, Inc. - PACE License Service.) - (2.4.7.852) = C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
3352 | [Owner : NETWORK SERVICE |Parent : 616(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3952 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2424 | [Owner : SYSTEM |Parent : 616(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

---------- | Tasks



---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : HKLM64\SOFTWARE\Classes\MSProject.(1033==1071).9 :
Deleted successfully : HKLM64\SOFTWARE\Classes\SaveAsWeb.VisSaveAsWeb : VisSaveAsWeb Class
Deleted successfully : HKLM64\SOFTWARE\Classes\SaveAsWeb.VisSaveAsWeb.1 : VisSaveAsWeb Class
Deleted successfully : HKLM64\SOFTWARE\Classes\AppID\SoftwareUpdate.exe : #
Deleted successfully : HKLM64\SOFTWARE\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp #
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\SaveAsWeb.VisWebDispProxy : VisWebDispProxy Class
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\SaveAsWeb.VisWebDispProxy.1 : VisWebDispProxy Class
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\AppID\SoftwareUpdateAdmin.DLL : #
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Just letting you know that you will need to edit back your user name into the FRST fix in order for it to work... ")

Update all of your programs that are out of date with Patch My PC. After programs are updated, post a new Security Check log for me please.
https://patchmypc.net/
Clean The Event Viewer Logs.



  • Download the attached Batch File below.
  • Save it to your desktop.
  • Right Click and Run as Administrator.



Click ME!! Clean Event Viewer Log. To Execute Right Click and Run As Administrator Reboot Your Machine After..bat


FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



When all steps above are completed, please post a new Security Check log along with the FRST fix log. Also, let me know how things are running and if you are having any issues. :)
 


Fla_Panther

PCHF Member
PCHF Member
Sep 19, 2016
38
4
44
Hey, I've done the first two steps and I was looking at the fixlist.txt before I run FRST. I wanted to check with you on what it's going to do because it looks like it might get rid of things I need/want/use and I want to confirm whether or not these are infected or if you're just getting rid of them because you think they have vulnerabilities.

For example, I've intentionally set up that proxy server config and entered manual DNS entries on FF because I had built a CentOS box and was testing squid, which I've mentioned here in this thread. I have intentionally not updated past WinAmp 2.91 because I don't want all the bloatware that came with later versions. It looks like your proposed fix will remove some of my plugins. I'm not aware of PUTTY.RND being a problem file (unless it's infected)? Etc.

I ask all this because a previous fix done in this thread removed the power saving feature client for my Buffalo TeraStation, which made it a real PITA to access my NAS for a bit (and scared the crap out of me for a moment) until I figured out what happened and turned off the power saving feature. Unless there's a vulnerability with that feature you know about I would've preferred to leave that. Etc.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Nothing really needs to go; so long as you set up the proxy, then I am just removing redundant files.... Are you having any issues?

You can edit everything out of the fix except these and run it.

Code:
AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]
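One way to see what those two entries actually hold before the fix deletes them, as an added example that is not part of either poster's instructions: NTFS alternate data streams can be listed with `dir /r` and their content read back through a redirect, so the 50-byte and 217-byte streams FRST named can be inspected first. The paths and stream names below are the ones from the fixlist quoted in the thread; everything else is the example's own. The AdsFix process list earlier in the thread shows a PACE License Service running and one stream sits on C:\ProgramData\PACE, so it is worth confirming that the content is not licensing data before removing it (that association is an assumption, not something the thread states).

```batch
@echo off
rem Added example, not from the thread: inspect the two alternate data
rem streams FRST flagged before deciding whether to delete them.
rem Paths and stream names are copied from the fixlist quoted above.

rem "dir /r" shows the streams attached to each entry of the listed parent
rem directory; the size column should match the [50] and [217] FRST reported.
echo === Streams on C:\Windows ===
dir /r C:\ | findstr /i "Windows"

echo === Streams on C:\ProgramData\PACE ===
dir /r C:\ProgramData | findstr /i "PACE"

rem cmd can open a stream through input redirection ("file:stream").
rem "more" renders it; text (e.g. a licence or cache record) reads cleanly,
rem a binary blob shows as garbage, which is itself informative.
echo === Content of C:\Windows:73C67ABEEE751B55 ===
more < "C:\Windows:73C67ABEEE751B55"

echo === Content of C:\ProgramData\PACE:BAE58937CBFFCB07 ===
more < "C:\ProgramData\PACE:BAE58937CBFFCB07"
```

Save it as a .bat file and run it from an elevated command prompt, the same way the moderator's event-viewer batch file is run; nothing in it modifies the system, it only lists and reads. If the stream content looks like part of an installed product, that is the moment to ask before the FRST fix removes it, since FRST's AlternateDataStreams directive deletes without backup.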
 

Fla_Panther

PCHF Member
PCHF Member
Sep 19, 2016
38
4
44
Okay, after reading your last comment I went back and looked, and realized the Winamp references were pointing to a folder that doesn't exist anymore, not to my actual installation. The only issue I've had was that this process removed a file from my PC that interacts with my Buffalo NAS. When I start my PC it tells the NAS to power up and when I shut down my PC it tells the NAS to go to sleep. For the moment I've not reinstalled it because it's not clear if that was truly compromised or if it was a false positive. For now I'm just leaving my NAS on 24/7. Other than that no issues to report.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 01.10.2016 05:22:49
Path starting: C:\Users\********\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ********
VersionXML: 3.39is-26.09.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 17.07.2013 03:55:10
LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [249.2 Gb] Free: [216.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18282 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify before download
Date install updates: 2016-05-06 07:01:03
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.4518.1014
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.50.67
--------------------------- [ OtherUtilities ] ----------------------------
Foxit Reader v.7.2.8.1124 Warning! Download Update
WinRAR archiver
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.21 v.7.21.100 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
BitTorrent v.7.9.6.42095 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 31 v.8.0.310 Warning! Download Update
Uninstall old version and install new one (jre-8u102-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
iTunes v.11.0.4.4 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.69.80.9 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 ActiveX v.23.0.0.162
Adobe Flash Player 23 NPAPI v.23.0.0.162
------------------------------- [ Browser ] -------------------------------
Google Chrome v.53.0.2785.116
Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by ******** (11-10-2016 06:40:05) Run:1
Running from C:\Users\********\Desktop\Virus Stuff
Loaded Profiles: ******** (Available Profiles: ********)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3113485377-2953679804-1031508582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\********\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
C:\Users\********\AppData\Roaming\BitTorrent
2014-05-25 23:28 - 2014-05-25 23:28 - 0004608 _____ () C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 19:24 - 2013-07-16 19:24 - 0000093 _____ () C:\Users\********\AppData\Local\fusioncache.dat
2015-08-16 12:25 - 2016-09-13 23:55 - 0000600 _____ () C:\Users\********\AppData\Local\PUTTY.RND
2014-06-22 17:16 - 2014-06-22 17:16 - 0009133 _____ () C:\Users\********\AppData\Local\recently-used.xbel
2014-02-14 17:12 - 2014-02-14 17:12 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-04-21 21:05 - 2014-04-21 21:05 - 0001534 _____ () C:\ProgramData\ss.ini
Task: {0130F891-3294-4032-A95E-2551D0785764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {10F79057-2BA5-4EF2-9C33-C6803BF2343F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {17A3A26B-8904-4FC0-8EA4-1FA5F34B0499} - System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Nulsoft_WMA_Input_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {48E8C69E-3232-4C58-8D50-89E05A199CA5} - System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => pcalua.exe -a C:\Users\********\Desktop\WinAmp\Monkey_Audio_Winamp_Plugin.exe -d C:\Users\********\Desktop\WinAmp
Task: {A0D703AA-157D-4B49-87F0-1F44E9BCB6BC} - System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => pcalua.exe -a "C:\Users\********\Desktop\New folder\irfanview_plugins_430_setup.exe" -d "C:\Users\********\Desktop\New folder"
Task: {D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {D2D672C5-BE14-408F-84C4-0FCA6CF64C9B} - System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => pcalua.exe -a "C:\Users\********\Desktop\WinAmp\WinAmp 2.91\Flac_Plugin_for_WA2.exe" -d "C:\Users\********\Desktop\WinAmp\WinAmp 2.91"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
ShortcutWithArgument: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla
AlternateDataStreams: C:\Windows:73C67ABEEE751B55 [50]
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [217]
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\********\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
C:\Users\********\AppData\Roaming\BitTorrent => moved successfully
C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\********\AppData\Local\fusioncache.dat => moved successfully
C:\Users\********\AppData\Local\PUTTY.RND => moved successfully
C:\Users\********\AppData\Local\recently-used.xbel => moved successfully
C:\ProgramData\.zreglib => moved successfully
C:\ProgramData\ss.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0130F891-3294-4032-A95E-2551D0785764}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0130F891-3294-4032-A95E-2551D0785764}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F79057-2BA5-4EF2-9C33-C6803BF2343F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F79057-2BA5-4EF2-9C33-C6803BF2343F}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17A3A26B-8904-4FC0-8EA4-1FA5F34B0499}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A3A26B-8904-4FC0-8EA4-1FA5F34B0499}" => key removed successfully
C:\Windows\System32\Tasks\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9CE805-6CA7-49AD-96BA-8214E14EB2A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48E8C69E-3232-4C58-8D50-89E05A199CA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48E8C69E-3232-4C58-8D50-89E05A199CA5}" => key removed successfully
C:\Windows\System32\Tasks\{10E18378-6BD7-4004-8E1E-01EFE3AF895E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{10E18378-6BD7-4004-8E1E-01EFE3AF895E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0D703AA-157D-4B49-87F0-1F44E9BCB6BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D703AA-157D-4B49-87F0-1F44E9BCB6BC}" => key removed successfully
C:\Windows\System32\Tasks\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6096C1D6-5EF7-43E1-96F5-CA2E7F43B324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D25D2FF5-6CAA-49BA-B31C-5F14CE31FC4C}" => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2D672C5-BE14-408F-84C4-0FCA6CF64C9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D672C5-BE14-408F-84C4-0FCA6CF64C9B}" => key removed successfully
C:\Windows\System32\Tasks\{4AE2B404-0A18-4C78-9A08-066ED4826374} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4AE2B404-0A18-4C78-9A08-066ED4826374}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk => Shortcut argument removed successfully.
C:\Windows => ":73C67ABEEE751B55" ADS removed successfully.
C:\ProgramData\PACE => ":BAE58937CBFFCB07" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21827746 B
Java, Flash, Steam htmlcache => 1536 B
Windows/system/drivers => 16648 B
Edge => 0 B
Chrome => 913479491 B
Firefox => 35597106 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 39125 B
LocalService => 33125 B
NetworkService => 60691 B
******** => 272018144 B
UpdatusUser => 0 B

RecycleBin => 271949826 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:41:07 ====
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
1.4 gigs of temp files is a bit large, I suggest that you run this tool.

The only issue I've had was that this process removed a file from my PC that interacts with my Buffalo NAS. When I start my PC it tells the NAS to power up and when I shut down my PC it tells the NAS to go to sleep. For the moment I've not reinstalled it because it's not clear if that was truly compromised or if it was a false positive.

You can safely reinstall. I doubt that it has malware; sometimes malware tools will remove legit programs, it happens. Also, make sure to update your Java etc.

I suggest the following in place of AdBlock:
Alternate DNS Server. Ad Blocking DNS.
uBlock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet:
VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck. To update plugins.
Web Of Trust. To avoid shady websites.
Unchecky. To avoid bundled software.
PrivaZer. To clean up your machine.

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right click the tool and Run as Admin (XP users double click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt